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YoiceXML  making  Web 
heard  in  call  centers 


■  BY  ANN  BEDNARZ  AND 
PHIL  HOCHMUTH 

Aspect  Communications  this 
week  will  announce  call  center 
software  that  essentially  will 
enable  users  to  navi¬ 
gate  Web  content  via 
voice  commands. 

The  Aspect  news 
comes  on  the  heels  of  Avaya’s 
announcement  last  week  of  inter¬ 
active  voice  response  (IVR)  soft¬ 
ware  that  will  make  data  con¬ 
tained  in  corporate  directories 
and  databases  available  to  callers 
via  spoken  commands. 

At  the  heart  of  both  efforts  is 


support  for  the  latest  release  of 
VoiceXML  (VXML),  Version  2.0. 
An  extension  to  the  XML  docu¬ 
ment  formatting  standard, VXML 
streamlines  development  of 
voice-driven  applications  for  re 
trieving  Web  content. 

While  using  voice 
commands  to  retrieve 
information  is  a  rou¬ 
tine  IVR  task,  emerging  tools  sup¬ 
port  more  complex,  speech-dri¬ 
ven  activities,  such  as  filling  out 
forms  or  retrieving  product  infor¬ 
mation,  all  in  a  standards  com¬ 
pliant  rather  than  proprietary 
environment. 

See  Call  centers,  page  12 


■  For  more  call 
center  coverage, 
see  page  13. 


There's  more  to  security  than  firewalls.  Network  World 
Global  Test  Alliance  member  Miercom  put  six  antivirus 
tools  and  six  content-filtering  devices  to  the  test,  and 
came  away  impressed 
with  the  results. 


**37 


■U 


Microsoft  on  .Net: 
Hard  work  ahead 

■  BY  JOHN  FONTANA 

REDMOND,  WASH. —  Microsoft  last  week  said  it 
was  finished  with  the  initial  phase  of  its  .Net  rollout 
—  providing  development  tools  and  basic  stan¬ 
dards  support  —  and  now  is  focusing  on  building 
the  infrastructure  needed  to  support  Web  services. 

That  includes  real-time  communication  capabili¬ 
ties,  secure  authentication,  reliable  transactional 
messaging  and  a  single  data  store  technology 

Net  executives  are  glad  to  see  Microsoft  is  ready  to 
attack  difficult  .Net  infrastructure  issues.  Users  say 
the  .Net  infrastructure  today  consists  of  mostly  retro¬ 
fitted  products  that  aren’t  well  integrated. 

But  much  like  two  years  ago  when  Microsoft  intro¬ 
duced  .Net,  critics  say  Microsoft’s  second  .Net  wave, 

See  Microsoft,  page  60 


Self-evaluation 


Microsoft’s  Chief  Software  Architect  Bill 
Gates  gave  his  company  this  report  card 
last  week  on  its  2-year-old  .Net  initiative. 
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WorldCom  users  hedge  bets 


III  would  not  have 
taken  this  job  if 
I  thought  we 
were  going  to 
be  out  of  busi¬ 
ness  next  week. 

I'm  not  a  bank¬ 
ruptcy  expert!! 

WorldCom  CEO 
John  Sidgmore, 

addressing  reporters  April  30 


IIThis  is  not  the  path 
we  wanted  to 
take,  but  it  is 
clearly  the 
right  thing 
v  to  do.!! 

WorldCom  CEO 
John  Sidgmore,  at  a  press 
conference  July  22,  a  day  after 
filing  for  bankruptcy 
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■  BY  JENNIFER  MEARS 

Despite  WorldCom’s  claims  that 
service  will  continue  as  usual 
during  financial  restructuring, 
the  company’s  bankruptcy  filing 
last  week  has  customers  review¬ 
ing  contracts  and  network 
options. 

National  Semiconductor  in 
Santa  Clara  has  used  the  nation’s 
No.  2  long-distance  carrier  for  re¬ 
mote  access  services  for  the  past 
three  years  and  is  looking  for  an 
alternative  carrier.  CIO  Ulrich  Seif 
notes  switching  could  be  fairly 
easy  because  of  the  limited 
nature  of  the  WorldCom  service 
National  uses.“It’s  not  a  small  pro¬ 
ject,  though  it’s  a  lot  easier  than  if 
WorldCom  was  our  voice  and 
See  WorldCom,  page  58 


■  WorldCom  executives  have  done 
a  grave  disservice  to  those  who 
built  MCI  and  UUNET,  says  colum¬ 
nist  Johna  Till  Johnson.  Page  27. 


■  This  bankruptcy  is  a  triple  whammy 
for  an  already-reeling  telecom  commu¬ 
nity,  says  Network  World  Editor  in 
Chief  John  Dix.  Editorial,  page  34. 
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1  ]  In  the  e-business  game,  it’s  called  the  hack  attack,  and  it's  one  of 
the  many  unpredictable  threats  to  your  company's  data.  The 
defense?  A  security-rich  integrated  infrastructure  that  guards  24/7. 

2]  Get  the  infrastructure  you  need  from  team  IBM  -  a  leader  in 
end-to-end  security  solutions.  With  the  help  of  global  security 
experts,  self-managing  servers,  and  Tivoli®  security  software,  you’ll 
know  your  infrastructure  can  be  secure  on  a  Fort  Knox  scale. 


3]  For  more  winning  plays,  visit  ibm.com/e-business 


Rock-Solid 

Data  Security. 


AIT-3  WORM. 


FOR  RELIABLE,  SCALABLE 
DATA  PROTECTION. 


Write  once,  read  many  technology— WORM— -is  indispensable  when 
your  business  requires  dependable  data  storage  with  overwrite 
protection.  Sony  delivers  a  high  level  of  data  integrity — and  more — 
with  the  singular  benefits  of  AIT-3  WORM. 

•  IT’S  AFFORDABLE.  AIT-3  WORM  offers  up  to  100GB  native  on  a 
single  8mm  cartridge,  resulting  in  more  capacity  in  less  space— with 
a  lower  cost  per  GB— than  MO  and  CD. 

•  IT’S  SCALABLE.  When  you  choose  an  AIT-3  WORM  drive,  you’re 
making  an  investment  that  can  grow  with  your  business. 

•  IT’S  MULTI-FUNCTIONAL.  The  AIT-3  WORM  drive  is  a  single  unit 
that  meets  both  your  standard  and  WORM  data  storage  needs. 


With  AIT-3  WORM,  you  enjoy  all  the  advantages  of  Sony’s  patented 
Advanced  Intelligent  Tape™  technology— including  the  extremely 
durable  Advanced  Metal  Evaporated  media  technology  and  Memory- 
In-Cassette,  a  built-in  flash  memory  chip  providing  high-speed  searching 
and  rapid  access  to  data. 

For  rock-solid  data  security,  put  your  confidence  in  AIT-3  WORM.  And 
experience  the  value  and  reliability  that  are  distinctly  Sony. 

To  learn  more  about  AIT-3  WORM— and  the  complete  family  of  AIT 
products— visit  our  Web  site  at  www.sony.com/ait. 
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■  8  SSL-based  remote  access  gets  a  big  boost. 

■  9  Incognito  releases  fault-tolerant  server  appliances. 
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There's  more  to 
security  than  firewalls. 

Network  World  Global  Test  Alliance  member  Miercom  put  six  antivirus  tools  and  six 
content-filtering  devices  through  their  paces.  The  results  were  quite  favorable/ 

Page  37. 
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Top  ISP  report: 

AT&T  comes  in  first  in  the  national  retail  and  business-to-business  categories. 
BellSouth  wins  in  the  regional  retail  category,  Find  out  how  your  ISP  Stacks  up. 
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Interactive 


Cybersecurity  law 

Find  out  what  you  need  to  know  about  pending  security  legislation  and 
how  it  could  affect  you  in  this  online  exclusive  story  from  our  report 
"Security:  Defending  the  extended  enterprise." 

DocFinder:  1537 

Forum:  Microsoft  and  home  networks 

Redmond  is  making  a  foray  into  home  networks,  preparing  to  unveil  a 
line  of  802.11b-compatible  wireless  products  this  fall,  Will  this  be  a 
blessing  or  a  curse  for  the  industry? 

DocFinder:  1538 

Call  for  entries:  User  Excellence  Award 

Take  a  shot  at  winning  our  18th  annual  User  Excellence  Award  compe¬ 
tition  for  your  latest  and  greatest  network  project.  Fill  out  our  online 
nomination  form. 

DocFinder:  1234 

Seminars  and  Events 


VoIP  training  comes  to  you! 

Looking  for  a  cost-effective  way  to  train  your  team?  Trying  to  widen  your 
department's  skill  set  on  a  shrinking  budget?  With  equipment  provided  by 
Avaya,  NetSmart's  on-site  voice-over-IP  training  is  the  perfect  way  to 
educate  your  staff  without  leaving  the  office. 

DocFinder:  9945 
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Compendium 

Useful  downloads 
Fusion  Executive  Editor  Adam  Gaffin  wants  you  to  come  over 
to  our  newly  revamped  Downloads  area,  where  you  can  find 
useful  applications  for  security,  network  design,  network 
management  and  much  more. 

DocFinder:  1539 

Help  Desk 

MAPIsend  and  network  management 

Columnist  Ron  Nutter  helps  a  user  of  Nortel  Optivity  send  e- 

mail  alerts. 

DocFinder:  1540 

Home  Base 

Where  should  I  sit? 

Columnist  Jeff  Zbar  looks  at  Cigna  Healthcare,  which  pro¬ 
vides  teleworkers  a  place  to  call  home  —  in  the  office. 

DocFinder:  1541 

View  from  The  Edge 

Vacancy  at  the  top 

The  Edge  Managing  Editor  Jim  Duffy  wonders  if  the  position 
of  service  provider  czar  "Mission  Impossible"  at  Cisco? 

DocFinder:  1542 


What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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Lawmaker  files  IT  vigilantism  bill 

■  In  a  widely  anticipated  move  that  has  stirred  much  protest,  U.S.  Rep.  Howard  L. 
Berman  (D-Calif.)  introduced  legislation  last  week  that  aims  to  foil  peer-to-peer  piracy 
by  giving  copyright  holders  the  ability  to  employ  a  variety  of  technological  tools  such 
as  file  blocking,  redirection,  spoofs  and  decoys. The  bill  targets  decentralized  peer-to- 
peer  networks,  such  as  Morpheus,  which  have  recently  become  the  focus  of  copyright 
holders’  attention  given  their  swelling  number  of  users  and  the  difficulty  they  present 
when  it  comes  to  cracking  down  on  piracy  In  introducing  the  bill,  Berman  told 
Congress  that  while  there  is  no  “silver  bullet”  to  stop  piracy  on  decentralized  peer-to- 
peer  networks,  he  hoped  to  “enable  responsible  usage  of  technological  self-help  mea¬ 
sures  to  stop  copyright  infringements  on  [peer-to-peer]  networks.”  He  proposed  a  gen¬ 
eral  safe  harbor  rule  under  which  copyright  holders  would  be  able  to  employ  techno¬ 
logical  measures  to  protect  their  copyright  works,  provided  these  measures  do  not 
damage  users’  computers  and  files  or  cause  economic  loss  of  more  than  $50  per 
impairment. 


TheGoodTheBadTheUgly 


Seeing  light  Despite  a  4%  decline 
in  IT  hardware  spending  worldwide,  IDC 
insists  that  higher  spending  on 
software  and  services  will  boost 
overall  IT  expenditures  3.7%  this 
year.  IDC  sees  9%  growth  in  2003, 
which  would  push  worldwide 
spending  over  $1  trillion  for  the  first  time. 

Action  figures  aren't 

enough?  Motorola  and  Walt 
Disney  are  teaming  up  to  make 
cordless  telephones,  two-way  radios  and 
other  electronics  -  for  children  —  that  feature 
popular  cartoon  characters  such  as  Cinderella, 

Mickey  Mouse  and  Buzz  Lightyear,  They’ll  set 
you  back  $60  a  pop.  > 

Towel,  please.  Virgin  Group  Chairman  Sir 
Richard  Branson  and  his  newly  formed  Virgin  Mobile 
U.S.A,  also  are  pitching  mobile  phones  to  young  people 
-  the  18-to-24  crowd.  No  sin  there,  except  that  last  week 
Branson  was  doing  his  pitching  buck  naked  -  save  for  a 
strategically  placed  phone  -  during  a  marketing  stunt 
that  included  the  Broadway  cast  of  "The  Full  Monty." 


Survey:  IT  defenses  still  need  shoring  up 

■  The  risk  of  the  typical  U.S.  company  suffering  at 
least  one  major  cyberattack  within  the  next  year  is 
strong,  and  not  enough  businesses  are  taking  appro¬ 
priate  steps  to  defend  themselves,  according  to  a  sur¬ 
vey  of  602  IT  professionals  released  last  week  by  the 
Business  Software  Alliance.  Of  those  responsible  for 
security  issues,  60%  said  they  believe  it  is  likely  com¬ 
panies  will  get  hit  with  at  least  one  major  cyberattack 
within  the  next  year.  While  more  than  half  felt  U.S. 
businesses  have  improved  their  security  defenses 
since  Sept.  11,45%  said  companies  are  still  not  pre¬ 
pared  for  a  major  cyberattack.  U.S.  businesses  are 
devoting  fewer  resources  to  defending  against  cyber¬ 
attacks  than  they  did  attempting  to  solve  the  Y2K 
problem,  according  to  47%  of  those  surveyed. 

Seventy-one  percent  said  that  businesses  should  con¬ 
centrate  more  on  cyberdefense.  On  the  positive  side, 

94%  said  every  computer  at  their  company  had 
antivirus  software,  and  92%  said  their  company  uses 
a  firewall  to  protect  against  network  threats. 

Cisco  snaps  up  Ayr  Networks 

■  Cisco  announced  last  week  it  has  entered  into  a  definitive  agreement 
to  buy  privately  held  Ayr  Networks,  a  provider  of  high-performance  dis¬ 
tributed  network  services  and  scalable  routing  software.  While  Cisco 
owns  a  minority  stake  in  Ayr,  the  buyout  deal  will  see  Cisco  offering 
company  stock  worth  up  to  $1 13  million  for  the  outstanding  shares  of 
Ayr.  Ayr’s  technology  will  be  integrated  into  the  Cisco  10S  software. 

Microsoft  vows  to  hire  5,000,  boost  R&D 

■  Bucking  the  trend  of  corporate  downsizing  in  the  face  of  a  struggling  economy  for  IT 
companies,  Microsoft  last  week  said  it  plans  to  hire  another  5,000  developers  in  the  next 
year.  The  announcement  comes  as  other  major  technology  companies,  including  Intel 
and  Hewlett-Packard,  continue  to  announce  layoffs.  Microsoft  also  said  that  spending  on 
research  and  development  during  fiscal  year  2003  would  reach  about  $5.2  billion,  a  20% 
boost  over  fiscal  year  2002,  which  ended  June  30. 

COMPENDIUM 

Google  art 

When  you  use  Google  to  search  Usenet  postings,  it  colorcodes  your  search  words  in 
messages  it  finds.  Paul  Johnson  has  been  playing  with  this  to  create  art  where  art 
has  no  business  belonging  in  straight-ASCII  messages  on  Google,  including  a  land¬ 
scape  and  a  giant  “Hi!” 

See  this  and  more  in  Compendium:  www.nwfusion.com, 

DocFinder:  1548. 


AGLU  sues  over  site-blocking  lists 

■  The  American  Civil  Liberties  Union  filed  a  suit  last  week  challenging  copyright  rules 
that  prevent  researchers  and  consumers  from  examining  lists  of  sites  blocked  by 
Internet  filtering  software. The  lawsuit,  filed  in  Boston,  takes  on  a  provision  in  the  1998 
Digital  Millennium  Copyright  Act  that  makes  it  illegal  to  circumvent  technological  pro¬ 
tection  measures. The  ACLU  said  in  a  statement  that  this  provision  violates  users’  fair 
use  rights,  making  it  illegal  for  them  to  “look  under  the  hood  of  the  blocking  products 
they  buy”  Because  companies  that  produce  Internet  filtering  software  often  encrypt 
their  lists  of  blocked  sites,  a  user  would  have  to  hack  the  encryption  to  access  the  infor¬ 
mation,  violating  the  DMCAs  circumvention  provision. The  suit  was  filed  on  behalf  of 
researcher  Benjamin  Edelman,  who  said  he  wants  to  examine  a  blocking  program 
produced  by  Seattle’s  N2H2,  without  worrying  about  legal  ramifications. 

GA  and  Ranger  end  proxy  battle 

■  Computer  Associates  last  week  announced  it  has  come  to  an  agreement  with  the  invest¬ 
ment  firm  that  for  the  second  consecutive  summer  launched  a  proxy  fight  to  displace  CA 
board  members.  Ranger  Governance  and  CA  entered  an  agreement  that  has  CA  paying 
the  Dallas  firm  $10  million  in  exchange  for  it  ending  its  current  proxy  fight  and  agreeing 
not  to  initiate  another  for  five  years. 
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When  it  comes  to  Internet  services  for  your 
business,  the  financial  stability  of  your  provider  is 
vital.  Cable  &  Wireless  is  ranked  the  “Most  financially  stable  operator  in  class”  by  CommunicationsWeek 
International.  Our  wholly  owned,  tier  1  global  IP  backbone  spans  six  continents  and  50  countries.  We  offer  a  full 
suite  of  Internet  services  -  from  dedicated  access  to  a  flexible  portfolio  of  managed  hosting  solutions.  With  a 
balance  sheet  that  says  we’ll  be  here  tomorrow,  we’re  setting  the  standards  for  reliability,  performance  and 
service.  Find  out  more  at  www.cw.com/reliable  or  call  1-866-598-0803.  It’s  a  solid  investment. 


Reliability  extends  far  beyond  the  network 


<02002  Cable  and  Wireless  Internet  Services,  Inc.  All  rights  reserved  All  other  trademarks  are  the  property  of  their  respective  owners. 
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RealNetworks  opens  up  to  serve  all 

Helix  Universal  server  delivers  rival  Microsoft’s  Windows  Media  format. 


■  BY  JASON  MESERVE 

Companies  looking  to  deliver 
streaming  media  content  in  mul¬ 
tiple  formats  from  one  source 
have  a  new  alternative  from  an 
unusual  source:  RealNetworks. 

The  company  announced  last 
week  that  its  Helix  Universal 
Server,  part  of  a  new  open  source 
code-sharing  initiative,  can  na¬ 
tively  provide  content  encoded  in 
Real,  Apple  QuickTime  and  the 
newer  MPEG-4  standard  format, 
and  the  proprietary  format  of  its 
rival,  Microsoft’s  Windows  Media. 

In  most  circumstances,  a  com¬ 


pany  wanting  to  deliver  content 
in  the  three  popular  proprietary 
formats  (Real,  Microsoft  and 
QuickTime)  would  need  servers 
for  each  content  type  or  some 
type  of  caching  product  or  ser¬ 
vice  provider  option.  With  Helix 
Universal  Server,  the  three  formats 
can  be  served  simultaneously 
along  with  more  than  50  other 
types  of  media  from  one  box, 
reducing  the  amount  of  hardware 
needed  to  serve  a  diverse  array  of 
content  types. 

Another  potential  benefit  for 
corporate  users  is  the  fact  that 
Helix  Universal  Server  runs  on  1 1 


platforms,  meaning  Windows 
Media  can  be  served  from  non- 
Windows  2000  operating  systems. 

“Helix  Universal  Server  repre¬ 
sents  our  new  products  moving 
forward,”  says  Brad  Hefta-Gaub, 
the  vice  president  of  product 
development  for  media  systems 
at  Real.  “We  will  also  offer  a  ver¬ 
sion  of  the  server  that  supports 
just  Real  audio  and  video  for  cus¬ 
tomers  that  want  it." 

As  part  of  the  server  announce¬ 
ment,  Real  says  it  is  releasing 
Helix  Producer,  which  is  used  to 
encode  content  into  the 
RealVideo  9  format. The  new  ver¬ 


sion  of  the  producer  supports 
only  the  Real  format. 

Helix  Universal  Server  and  the 
producer  application  are  the  first 
products  under  Real’s  new  Helix 
open  source  code  and  communi¬ 
ty  initiative  designed  to  spur 
development  around  one  encod¬ 
ing,  delivery  and  playback  plat¬ 
form.  At  the  center  of  the  initiative 
will  be  the  Helix  DNA,code  used 
for  running  Real’s  server,  encod¬ 
ing  and  player  client  software. 

There  will  be  two  types  of 
licenses  —  the  RealNetworks 
Community  Source  License 
(RCSL)  and  the  RealNetworks 


SSL  gets  respect  from  IPSec  vendors 

Check  Point  to  add  browser-based  remote  access  to  its  VPN  gear. 


Remote  user 


■  BY  TIM  GREENE 

Secure  Sockets  Layer-based 
remote  access  is  about  to  hit  the 
big  time. 

Check  Pbint  Software,  one  of  the 
largest  VPN  vendors,  this  week 
promises  support  for  this  brows¬ 
er-based  technology,  and  a  new 
entrant  in  this  area,  Whale 
Communications,  will  introduce 
hardware  and  software  to  enable 
secure  Internet  connections  for 
corporate  networks. 

Check  Pbint  says  a  software 
release  scheduled  for  September 
will  let  businesses  support  both 
browser-based  and  IP  Security 
(IPSec)  remote  access,  requiring 
only  one  remote  access  gateway 

rather  than  two  for  those  busi-  _ _ 

nesses  that  want  to  offer  varying 
levels  of  access  to  their  networks. 

This  is  the  first  wave  of  a  trend,  according  to 
a  prediction  by  Infonetics.“Check  Fbint  is  the 
first  major  IPSec  vendor  to  announce  this,  but 
others  will  follow"  says  Jeff  Wilson,  Infonetics’ 
director  of  research. “As  soon  as  they  run  into 
SSL  competitively  or  see  the  market  start  to 
grow  quickly,  they  will  get  involved.” 

SSL  remote  access  alternatives  use  SSL  sup¬ 
port  that  comes  standard  with  most  Web 
browsers  to  create  encrypted  sessions 
between  a  remote  PC  connected  to  the 
Internet  and  servers  behind  corporate  fire¬ 
walls.  A  group  of  competitors  including 
Aspelle,  Aventail,  Netsilica,  SafeWeb  and  now 
Whale  focus  on  this  technology  almost  exclu¬ 
sively. 

The  technology  eliminates  the  need  to 
install  separate  client  software  on  remote  PCs 
as  is  the  case  with  IPSec  VPNs.  Instead,  the 


Remote  access  security 


Whale  Communications’  e-Gap  remote  access  appliance 
includes  a  switch  that  maintains  a  physical  disconnect  between 
secure  servers  on  corporate  networks  and  the  Internet. 


Remote  user  needs  only 
a  Web  browser  to  con¬ 
nect  to  a  secure  site. 


An  Internet-connected  and  a  LAN-con¬ 
nected  computer  on  a  board  talk  to  remote 
users  and  LAN  servers,  respectively. 


PQ)  / — v. 

|  (  Internet  \ 


e-Gap  appliance 


Air  Gap 
switch 


Singe  board 
computer 


Singe  board 
computer 


The  internal  SCSI  Air  Gap  switch  shuttles  data  between 
the  Internet  and  LAN-connected  computers,  maintaining 
a  physical  break  between  the  LAN  and  the  Internet. 


browser  is  the  client.  With  some  vendors,  such 
as  Check  Point, SSL  allows  access  only  to  Web- 
enabled  applications  and  file  transfers.  Some 
vendors,  such  as  Neoteris,  support  applica¬ 
tions  that  are  not  Web-enabled.They’re  getting 
better.  They’re  not  just  doing  Web  proxying, 
they’re  proxying  on  any  TCP  or  [User 
Datagram  Protocol]  port,” says  Zeus  Kerravala, 
an  analyst  with  The  Yankee  Group. 

While  SSL  remote-access  appliance  ship¬ 
ments  totaled  $1  million  worldwide  for  the 
first  quarter  of  2002,  Infonetics  projects  that 
the  year-end  total  will  be  $60  million.  It  pro¬ 
jects  a  143%  compound  annual  growth  rate 
for  sales  of  this  gear  over  the  next  four  years. 
(Another  SSL  story  is  on  page  31 .) 

Check  Point  calls  its  new  SSL  capability 
“Clientless”  VPN,  and  it’s  embedded  in  the 
Check  Point’s  Service  Pack  3  version  of  its 
server  software. 
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Servers 


Check  Point  also  is  adding  sup¬ 
port  for  the  Microsoft  VPN  client 
that  comes  standard  with  Micro¬ 
soft’s  desktop  software.  While  the 
Microsoft  VPN  support  is  based 
on  IPSec  and  Layer  2  Tunneling 
Protocol,  not  SSL,  it  is  similar  to 
the  browser-based  remote  access 
in  that  it  requires  no  additional 
software  on  the  remote  PC.  If  the 
machine  has  a  Windows  operat¬ 
ing  system,  it  already  has  the  VPN 
support. 

While  Check  Point  is  broaden¬ 
ing  its  scope, Whale  is  focusing  on 
SSL  remote  access  with  its  e-Gap 
appliance.  Within  a  single  box,  e- 
Gap  contains  two  single-board 
computers,  one  connecting  to 
the  Internet  and  the  other  to  the 
LAN.  The  two  are  separated  by  a 
SCSI  switch  that  connects  with 
only  one  of  the  computers  at  a  time  and  shut¬ 
tles  data  between  them  (see  graphic).  This 
insulates  the  LAN  from  any  possible  direct 
contact  with  the  Internet. 

Robot-maker  Fanuc  Robotics  in  Rochester 
Hills,  Mich., uses  e-Gap  to  supplement  a  Nortel 
Contivity  dial-up  IPSec  VPN,  each  technology 
having  its  own  role.  When  it  chose  Whale,  the 
company  was  seeking  a  way  for  employees  to 
access  e-mail  and  other  key  data  while  they 
are  at  customer  sites  or  traveling  through  air¬ 
ports  with  Internet  kiosks.“We  use  Whale  [SSL 
capability]  for  quick  access  to  our  network 
from  anywhere  in  the  world,”  says  Travis 
Robson,  Fanuc’s  manager  of  systems,  telecom¬ 
munications  and  networking.  “But  if  you’re  at 
home  with  a  high-speed  cable  modem,  use 
the  VPN." 

Check  Point:  www.checkpoint.com;  Whale: 
www.whale-com.com 


Public  Source  License  (RPSL). 
Products  developed  under  the 
RCSL  have  to  be  compatible  with 
Helix,  while  software  developed 
under  the  RPSL  has  to  be  open 
source,  Real  says. 

Real  plans  to  make  the  source 
code  of  its  Helix  client  available 
within  90  days, and  the  server  and 
encoder  source  code  by  year- 
end, the  company  says.  Real  plans 
to  submit  the  RPSL  to  the  Open 
Source  Initiative  for  certification 
as  an  open  source  license. 

While  the  company  is  making 
some  of  its  technology  open 
source,  it  is  withholding  the  tech¬ 
nology  and  algorithms  behind  its 
codecs  used  to  compress  audio/ 
video  content. 

“What  they’re  doing  is  releasing 
code  up  to  the  point  of  the  actual 
codecs.That’s  where  it  stops,” says 
Maximilian  Flisi,  a  research  ana¬ 
lyst  at  IDC.  “If  they  did  that  they 
would  be  fully  open  source  .  . . 
they  would  be  naked.” 

One  potential  hurdle  for  Real 
could  stem  from  its  use  of 
Windows  Media  technology  The 
company  did  not  license  it  from 
Microsoft.  Rather,  it  used  “clean 
room”  (figuring  out  how  some¬ 
thing  works  without  seeing  the 
source  code)  techniques  to 
determine  how  a  Windows 
Media-encoded  file  is  delivered 
from  the  server  to  the  player.  It  is 
mimicking  the  techniques  in 
Helix  Universal  Server. 

Microsoft  would  not  comment 
on  potential  legal  repercussions 
until  it  saw  more  of  the  Real 
implementation. 

Real  and  Microsoft  are  locked 
in  a  battle  over  which  has  the  best 
streaming  media  technology. 
Microsoft’s  advantage  is  that  it 
gives  away  its  player  software  with 
every  version  of  Windows  sold 
and  its  server  software  with  the 
Windows  2000  operating  system. 
Real  says  it  hopes  Helix  can  per¬ 
suade  developers  to  pay  for  a 
server  that  can  deliver  multiple 
formats  and  not  be  limited  to  just 
the  Windows  platform. 

Helix  Universal  Server  is  avail¬ 
able  now  with  pricing  based  on 
the  maximum  server  capacity 
measured  in  megabits  per  sec¬ 
ond.  A  free  version  of  Helix 
Producer  is  available  for  Linux 
and  Windows  desktops. 

Material  from  the  IDG  News 
Service  was  used  in  this  story. 


Reading  someone  else's 

copy  of  Network  World? 

Interop  preview.-- VertS»»isvJ«*— 

NetworkWorld 

Apply  for  your  own 

Put  to  the  test 

PS  apr 

AjT  b  i 

Free  subscription  today. 

IP  telephony  talk 

zeroes  in  on  SIP  - 

___  .  »*S**es 

subscribenw.com/  b02 

v  Free  subscription 

-  ^  To  apply  online  go  to 

subscribenw.com/b02 

subscribenw.com/  b02 

Apply  for  your 

free 

subscription  today! 

(A  $255  value  -  yours  free) 


www.nwfusion.com 


News 


7/29/02 


NetworkWorld 


Incognito  launches  fault-tolerant  appliances 


■  BY  DENI  CONNOR 


VANCOUVER,  B.C.  —  Incognito  Soft¬ 
ware  announced  two  fault-tolerant  server 
appliances  last  week  that  promise  to  help 
large  businesses  and  service  providers 
manage  IP  addresses. 

Incognitos  Multi-Server  Appliance  (MSA) 
consists  of  the  company’s  IP  Commander 
and  DNS  Commander  software  on  blade 
servers  from  Cubix,  a  vendor  known  for 
communication  and  terminal  server  hard¬ 
ware.  The  blades  manage  DNS  addressing 
—  the  process  of  mapping  text-based  URLs 
into  numeric  IP  addresses  —  and  the 
Dynamic  Host  Configuration  Protocol 
(DHCP),  in  which  IP  addresses  are  dynam¬ 
ically  assigned  to  computers  each  time 
they  access  the  Internet. 

DNS  Commander  lets  users  create, 
administer  and  manage  DNS  servers  and 
prevents  vulnerabilities  that  can  occur 
from  the  use  of  the  Berkeley  Internet  Name 
Domain  utility  IP  Commander  integrates 
DNS  with  DHCP  and  the  Time  of  Day  and 
Trivial  File  Transfer  Protocol  services. 

Mike  Mason,  network  engineer  at  insur¬ 
ance  firm  Country  Companies  in 
Bloomington,  Ill.,  uses  Incognito’s  DNS 
and  IP  Commander  software  and  says  he 
is  interested  in  trying  MSA.  Mason  has  as 
many  as  6,500  users  that  use  the  compa¬ 
ny’s  DHCP  and  DNS  servers  every  day. 

“At  one  time  we  had  a  team  of  three  to 
seven  people  assigning  DNS  to  static  IP 
addresses,”  Mason  says.“Using  [Incognito’s] 
software  is  just  about  as  easy  as  point-and- 
click  —  we  add  the  name  in, add  a  descrip¬ 
tion  and  click  OK.” 

Experts  recommend  that  DNS  and 
DHCP  servers  be  fault-tolerant  because  if 
a  company’s  DNS  servers  go  down,  they 
would  lose  contact  with  the  Internet  and 
their  e-mail,  and  all  network  access  would 
be  affected. 

“We  have  a  DNS  master  and  four  sec¬ 
ondary  DNS  servers  that  load  balance 
traffic  and  fail-over  for  each  other,” Mason 
says.  “When  DHCP  gives  out  an  IP 
address,  it  passes  that  information  to  the 
DNS  server.  If  a  DHCP  server  fails,  a  sec¬ 
ond  server  acts  as  a  disaster-recovery 
machine  if  it  doesn’t  hear  the  heartbeat 
of  the  primary  DHCP  server.” 

Two  fault-tolerant  Incognito  MSA  models 
are  available  —  MSA  300  and  MSA  800.The 
MSA  300  contains  three  blade  servers:  one 
is  the  primary  DHCP  blade;  one  is  the  pri¬ 
mary  DNS  blade;  and  the  third  serves  as  a 
back-up  DHCP/DNS  blade  should  the 
other  blades  fail.  In  the  MSA  800,  the  cus¬ 
tomer  can  configure  the  eight  server 
blades  to  his  DNS/DHCP  needs. 


More  online! 

Do  DNS  security  risks 
exist  in  your  network? 

DocFinder  1549 


Incognito’s  blades  and  DNS/DHCP  soft¬ 
ware  compete  with  software  and  hard¬ 
ware  from  Cisco  and  Lucent.  The  compa¬ 
ny’s  software  also  will  work  on  any  indus¬ 


try-standard  server,  and  Compaq,  RLX 
Technologies  or  Hewlett-Packard  blades. 

The  MSA  3000  costs  $19,450.  The  MSA 
800  starts  at  $22,000.  The  IP  Commander 


software,  bought  separately,  starts  at  $500; 
the  DNS  Commander  software  is  $5,000. 
Both  MSAs  are  available  now. 

Incognito:  www.incognito.com 


Some  things  are  destined  to  succeed 


Introducing  the  Xythos  WebFile  Server 
Internet  enabled  file  management  for  the  enterprise 

•IC-* 

Ultimate  File  Access  -  anytime,  anywhere,  from  your  browser  or  existing  desktop, applications 


•  Complete  Control  -  your  servers,  directory  services,  and 
100%  Standards  Based  -  supports  HTTP,  SSL,  WebDAV  and  J2EE 
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•  Easy  Implementation  -  any  leading  application  server,  network  or  client  systehrj.  - 

,.;j  : 

•  Lower  Costs  -  reduce  storage  management  costs,  file  duplication  and  search  times 

/  *  ■  ■■ 

•  .  '■  .-Zy, £&?'•"’-  '0? ' 

Free  IDC  Whitepaper  -  discover  how  Internet  enabled  file  management  quickly  redoes  file  sharing  burden 


on  e-mail  systems 


Call  1  888  4XYTHOS  (1  888  499  8467)  or  visit  www.xythos.com/NW55 
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Opnet  shows  real-time  analysis  of  apps 


The  software  tracks  a 


BY  DENISE  DUBIE 


BETHESDA,  M.D.  —  Opnet  Tech¬ 
nologies  next  month  will  upgrade  its 
flagship  software  suite  with  real-time 
troubleshooting  features  that  industry 
watchers  and  customers  say  help 
spot  and  fix  application  performance 
problems. 

Set  to  be  unveiled  at  the 
company’s  annual  Opnet- 
work  conference,  Opnet  9.0 
is  designed  for  users  looking 
to  troubleshoot  application 
performance  on  a  day-to-day 
basis.  The  software  collects 
application  performance  data,  such 
as  response  time  and  bandwidth 
usage,  from  network  devices,  servers, 
clients  and  databases,  and  merges 
the  data  to  give  users  a  measure  of 
application  performance  across  dis¬ 
parate  network  components.  Most 
application  performance  tools  col¬ 
lect  data  from  the  separate  elements, 
and  network  managers  must  manu¬ 
ally  compile  the  information  to  get  one  com¬ 
plete  view  of  application  performance. 

“We’re  using  the  tools  to  tell  us  where  the 
problem  is  —  the  network  or  server  or  client 
—  and  then  we  can  focus  on  putting  the  re¬ 
sources  in  the  right  place,”  says  a  vice  presi¬ 
dent  at  a  major  financial  services  company 
who  requested  anonymity 

“We  collect  multiple  traces  and  try  to  piece 
them  together.  It’s  manual  and  timeconsum¬ 
ing  and  difficult  to  troubleshoot  application 


Opnet  9.0  software  now  helps  customers  track 
application  performance  problems. 


Network  managers  can  1*^ 
view  a  virtual  represen-  1  / 
tation  of  the  router, 
servers  and  applications 
that  affect  specific  users. 


o-  - 


transaction  from  end-user 
request  across  the  routers 
and  servers  and  back  again. 


performance  in  real  time  when  looking  across 
different  platforms,”  he  says. 

Other  new  features  include  an  application 
recode  tool  that  tells  a  user  what  part  of  an 
app  should  be  rewritten  to  improve  its  perfor¬ 
mance  across  a  network.  Another  tool  offers 
the  same  type  of  suggestions  for  router  con¬ 
figurations. 

Deb  Curtis,  a  research  director  at  Gartner, 
says  Opnet’s  latest  release  can  give  network 
managers  a  quick  evaluation  of  what  compo¬ 


nent  or  application  needs  to  be 
tweaked. 

Because  it  includes  modeling 
technology,  Curtis  says  Opnet 
can  give  users  more  insight  into 
how  the  network  might  need  to 
be  configured  to  meet  future 
needs.  “Opnet  software  can  help 
IT  staff  plan  good  IT  investments 
based  on  real  traffic  and  end- 
user  service  levels,”  she  says. 

She  says  Opnet  software  could 
help  to  further  pinpoint  the 
source  of  poor  performance 
when  working  in  conjunction 
with  network  management  soft¬ 
ware  from  companies  such  as 
Computer  Associates,  Hewlett- 
Packard  and  IBM  Tivoli.  Curtis 
says  Opnet  9.0  competes  with 
products  from  Compuware,  but 
adds  that  Opnet  does  in  one 
product  what  Compuware  does 
in  two. 

Opnet  software  is  installed  on  a 
Sun  Solaris  or  Windows  NT  or 
2000  server.The  company  provides  agents  that 
are  installed  on  servers  and  devices,  such  as 
routers  and  switches,  throughout  a  network  to 
capture  application  and  transaction  perfor¬ 
mance  data.  Opnet  software  also  can  use  data 
collected  by  Network  Associates  Sniffer, 
NetScout  and  Concord  agents  and  probes. 

In  beta  testing,  Opnet  9.0  costs  between 
$40,000  and  $100,000,  depending  on  imple¬ 
mentation. 

Opnet:  www.opnet.com 


C&W  launches  back-up  and  recovery  services 


Backing  it  up 

C&W  is  offering  back-up  and  recovery  services.  Here’s 
the  rundown: 


•  Cold  site.  Customer  reserves  space  in  a  data  center  that  becomes 
available  within  24  hours  after  a  disaster  is  declared.  C&W  can 
help  customers  get  quick  access  to  equipment  so  that  the  site  is 
running  within  72  hours.  Pricing  starts  at  $2,000  per  month. 

•  Warm  site.  Equipment  is  located  in  a  C&W  data  center  and  pre¬ 
configured  to  run  critical  applications,  if  needed.  Recovery  time  is 
about  12  hours.  Pricing  varies  based  on  customer  need. 

•  Hot  site.  A  live  site  for  critical  applications  is  managed  and 
monitored  by  C&W  and  is  constantly  updated  with  relevant  data 
from  the  origin  site  so  that  the  customer  can  avoid  downtime. 
Pricing  varies  based  on  customer  need. 


■  BY  JENNIFER  MEARS 

SANTA  CLARA  —  Enterprise 
customers  looking  for  a  service 
provider  to  help  back  up  and  pro¬ 
tect  critical  data  and  applications 
will  find  a  new  option  with  Cable 
&  Wireless,  which  is  slated  to  roll 
out  its  suite  of  high-availability 
and  recovery  offerings  this  week. 

The  telecommunications  com¬ 
pany  is  using  the  capabilities  of 
its  Exodus  Communications  and 
Digital  Island  acquisitions  to  pro¬ 
vide  data  protection  services 
aimed  at  keeping  online  func¬ 
tions  running  in  the  face  of  inter¬ 
nal  network  glitches  or  more  seri¬ 
ous  disasters.says  David  Greene, a 
vice  president  for  Exodus, a  Cable 
&  Wireless  service. 

Exodus  has  provided  services 
such  as  risk  assessment  and  re¬ 
covery-planning  consulting,  man¬ 
aging  high-availability  and  alter¬ 
nate  IT  sites,  and  business-impact 
analysis  for  six  years.  C&W  says  it 
is  standardizing  these  services  to 


make  them  more  cost-effective 
and  easier  to  deploy. 

The  services  are  aimed  primar¬ 
ily  at  large  companies  in  the 
financial  services,  healthcare, 
entertainment  and  media  indus¬ 
tries,  Greene  says. 

With  the  offerings,  C&W  enters 
a  market  that  is  led  by  IBM, 
SunGard  and  Hewlett-Packard. 
Tony  Adams,  principal  analyst  at 
Gartner, says  C&W  is  in  a  position 
to  readily  compete  with  these 
vendors  because  of  its  depth  of 
expertise  and  global  network. 

“Cable  &  Wreless  hit  all  the 
high  notes  with  this  offering," 
Adams  says.“They  seem  to  have  a 
good  suite  of  services.” 

Other  carriers,  including  AT&T, 
offer  similar  services. 

“What  we  found  post-Sept.  1 1  is 
that  people  who  hadn’t  looked  at 
business  continuity  and  disaster 
recovery  beforehand  wanted  to 
get  into  a  discussion  of  what  we 
could  do  for  them,” Greene  says. 

C&W’s  offerings  let  customers 


choose  the  service  they  need 
based  on  the  length  of  time  they 
can  be  without  specific  online 
functions:  less  than  12  hours, 
more  than  12  hours  and  more 
than  72  hours.  The  services  can 
include  initial  consultation  and 
planning,  setup  and  configura¬ 
tion  of  equipment,  managed  ser¬ 
vices  such  as  security  and  con¬ 


tent  delivery  and  maintenance 
and  testing. 

“It’s  important  that  we  offer  all 
three  versions  within  one  loca¬ 
tion,”  Greene  says.  “Customers 
can  mix  and  match.  We  can 
identify  in  the  planning  stage 
which  portions  of  the  environ¬ 
ment  require  which  level  of 
backup.”  ■ 
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WHY  DID  DUR  LAYER  4-7  SWITCHES  BECOME  #1  WORLDWIDE?  INTELLIGENCE 


Foundry  Networks  is  the  market  share  leader*  in  1. a  ve  r 


4— 7  Web  switching  for  the  third  consecutive  year 


because  our  Serverlron  Laver  4-7  switch  may  be  the  mo 


versatile  switch  ever  built.lt  intelligently  distributes  traffic 
across  servers,  firewalls,  caches,  even  across  data  centers.  It  . 


I  can  help  you  manage  your  network  traffic  by  directing  traffic 

based  on  application,  server  load.  URL  content,  or  cookies.  Brains 
like  this  make  Serverlron  ail  essential  component  to  building  vour 
network  or  server  farm.  In  tact,  purchasing  it  could  be  one  ot  the 
smartest  moves  you'll  ever  make.  To  find  out  more  about  the  Serverlron 


NETWORKS  i 


Product  Family,  visit  its  at  www.foundrynetworks.com  si.  or  call  Foundry 
Networks  at  1  .SSXTURBOLAN  (887-2652)  and  make  the  intelligent  choice. 
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Call  centers 

continued  from  page  1 

In  Aspect’s  case,  customers  will 
be  able  to  use  the  same  data¬ 
bases,  application  servers  and 
business  rules  to  process  voice 
self-service  interactions  as  they 
do  to  process  Web  self-service 
transactions.  The  firm  is  building 
the  voice-activated  service  fea¬ 
tures  into  its  existing  software 
suite.  Aspect  IP  Contact  Suite. 

Avaya  is  adding  VXML  capabili¬ 
ties  to  Version  9.0  of  its  Avaya  IVR 
server.  Previous  versions  offered 
speech-recognition  features,  but 
9.0  is  the  first  to  embed  VXML 
support. 

Adoption  of  standards  such  as 
VXML  is  just  one  contributor  to 
an  overall  trend  to  increase  the 
sophistication  of  IVR  products, 
making  them  less  dependent  on 
menus  that  bury  information  sev¬ 
eral  layers  deep  and  better  able 
to  handle  queries  phrased  in  nat¬ 
ural  language, says  Martin  Prunty 
president  of  consulting  firm 
Contact  Center  Professionals. 

This  evolution  is  not  unlike  that 
of  Web-search  technology,  which 
has  progressed  from  keyword 
dependencies  to  natural  lan¬ 
guage-based  search  tools  devel¬ 
oped  by  vendors  such  as  Ask 
Jeeves,  Prunty  says. 

Companies  today  are  starting 
to  realize  that  the  phone  and  the 
Web  should  not  be  treated  as 
separate  customer  links,  with 
independent  data  retrieval  and 
collection  systems,  but  as  ele¬ 
ments  of  a  corporatewide  CRM 
strategy,  Prunty  says. 

“Customer  channels,  whether 
they’re  using  people  or  self-ser¬ 
vice,  have  to  be  integrated  and 
have  to  be  part  of  an  overall  strat¬ 
egy  of  dealing  with  customers,” 
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Gall  center 
conundrum 

The  ability  to  contin¬ 
uously  update  customer 
and  product  profiles  is 
the  largest  call  center 
technology  concern 
among  311  companies. 

Updating  customer  and  product  profiles 


Managing  complex  procedures 


53% 


Data  consistency 


36% 


Telephony  technology 


SOURCE:  IDC 


he  says.“But  that’s  not  how  it  is  in 
the  real  world  today’ 

Investments  growing 

In  general, call  centers  are  gain¬ 
ing  a  growing  share  of  IT  budgets 
as  companies  seek  to  improve 
customer  service  and  better  uti¬ 
lize  customer  service  personnel 
and  resources.  Among  672  com¬ 
panies  surveyed,  IDC  found  35% 
have  a  call  center  and  11%  say 
they  soon  will  need  one. 

Among  321  companies  with 
plans  to  invest  in  their  call  cen¬ 
ters,  54%  will  acquire  new  tech¬ 
nology,  31%  will  enhance  exist¬ 
ing  systems,  12%  will  build  new 
functions,  and  3%  will  turn  to 
an  application  service  provider, 
IDC  says. 

Companies  are  interested  in 
call  center  technology  in  part 
because  they  are  trying  to  keep 
their  loyal  customers  —  an  ongo¬ 
ing  challenge  that  tends  to  get 
more  attention  in  times  of  eco¬ 
nomic  slowdowns,  IDC  says.  The 
research  firm  found  the  No.  1  rea¬ 
son  companies  invest  in  call 
center  technology  is  to  improve 
customer  support  (see  graphic). 

That  is  what  led  Armstrong 
World  Industries, a  Lancaster,  Pa., 
maker  of  industrial  and  home 
flooring  and  ceiling  products,  to 
its  latest  call  center  upgrade. The 
manufacturer  recently  installed 
Version  7.0  of  Avaya  IVR  to  solve 
a  communication  problem  be 
tween  the  company’s  call  center 
and  the  retail  stores  that  carry 
Armstrong  products. 

In  the  past,  sales  representa¬ 
tives  from  retail  homeimprove 
ment  stores  would  deluge  Arm¬ 
strong’s  call  center,  checking  on 
the  status  of  customers’  orders 
and  tying  up  Armstrong’s  call 
agents,  says  Jeff  Fountaine,  net¬ 


work  analyst  with  the  company. 

Now  salespeople  at  home 
retail  stores  can  tap  into 
Armstrong’s  order-processing 
system  and  check  on  orders  by 
speaking  the  order  number  into 
the  system. 

The  Avaya  IVR  server  connects 
calls  from  an  Avaya  Definity  G3R 
PBX  to  the  back-end  systems, 
housed  on  an  AS/400  and  sepa¬ 
rate  SAP  servers. 

Fountaine  says  speech  recog¬ 
nition  was  necessary  because 
of  Armstrong’s  alphanumeric 
purchase-order  system,  which 
prevented  use  of  a  phone 
keypad  for  entering  informa¬ 
tion.  The  results  of  the  system 
have  pleased  Armstrong  and  its 
partners. 

“The  IVR  system  has  cut  our 
call  volume  in  half,”  Fountain 
says,  which  equates  to  15,000 
order  checks  per  month  that  do 
not  have  to  be  handled  by  a 
representative. 

“Another  benefit  is  the  good 
will  it  brings  between  Arm¬ 
strong  and  our  home  center 
partners,”  he  adds,  because 
retail  sales  representatives  now 
can  get  information  on  demand 
for  customers. 


Expected  gains 

Among  315  companies 
surveyed,  the  vast  majority 
expect  to  achieve  better 
customer  service  through 
their  call  center  systems. 

Improved  customer  service _ 


91% 


Improved  productivity 


34% 


Quicker  update  of  data  to  sales  and  support 


32% 


Increased  integration  of  sales/customer  care 


30% 


Support  for  service  and  sales  via  the  Internet 


29% 


Decreased  costs 


SOURCE:  IDC 


Changing  landscape 

Aspect  is  unveiling  its  voice 
self-service  software  at  this 
week’s  International  Call  Center 
Management  (1CCM)  Confer¬ 
ence  &  Exhibition  in  Chicago. 
Advanstar  Communications,  the 
show’s  organizer, says  5,000  atten¬ 
dees  are  expected. 

Lori  Bocklund,  vice  president 
of  call  center  consultancy 
Vanguard  Communications  and 
a  speaker  at  the  1CCM  show,  cau¬ 


tions  call  center  technology  buy¬ 
ers  to  focus  on  business  require¬ 
ments  before  shopping  for  new 
products. 

She  warns  the  market  has  got¬ 
ten  ahead  of  buyers. 

“There’s  more  technology 


than  people  know  what  to  do 
with,”  Bocklund  says.  That’s  not 
necessarily  bad,  but  it  can  be 
overwhelming  for  buyers  — 
who  need  to  figure  out  what 
software  and  equipment  they 
need  and  how  new  products 
will  work  with  the  gear  they 
have  before  making  a  purchase, 
Bocklund  says. 

Big  changes 

Companies  face  big  changes  in 
applications  and  network  infra¬ 
structure,  Bocklund  says.  On  the 
applications  side,  vendors  are 
working  to  off-load  call  routing, 
queuing  and  reporting  tasks 
from  the  PBX  to  server-based 
applications. 

In  call  center  networks,  the 
issue  is  migrating  from  circuit- 
switched  to  IP-based  platforms. 
Voice-over-IP  networks  promise 
to  decrease  costs  and  drive  pro¬ 
ductivity  by  merging  separate 
voice  and  data  services  on  a 
unified  infrastructure,  reducing 
toll  charges  and  enabling  the 
development  of  more  sophisti¬ 
cated  converged  applications, 
such  as  Web  chat.  VoIP  could 
help  companies  simplify  the 
integration  and  management  of 
distributed  voice  and  Web  cus¬ 
tomer  services. 

However,  implementing  VoIP 
networks  can  be  costly  and 
complex.  Companies  should 
consider  getting  their  feet  wet 
with  VoIP  by  deploying  a  trial 
application  that’s  not  mission- 
critical,  Bocklund  says.  She 
stresses  the  importance  of  care¬ 
ful  planning. 

“If  people  don’t  plan  for  VoIP 
and  put  together  a  migration 
strategy,  they’re  just  going  to  buy 
something  cool  because  some 
vendor  bends  the  right  ear," 
Bocklund  says. 

“Then  they’re  going  to  start 
heading  down  a  path  that  may 


not  fit  with  their  other  objec¬ 
tives,”  she  adds. 

Others  announcing  call  center 
products  this  week  include: 

•  Rockwell  FirstFbint  Contact, 
which  has  beefed  up  its  First¬ 
Fbint  Enterprise  2002  platform  to 


include  skills-based  routing  fea¬ 
tures  for  e-mail,  Web,  wireless  and 
VoIP  communications.  The  new 
Advanced  Intelligent  Router  fea¬ 
ture  identifies  agents  with  appro¬ 
priate  skills  and  can  route  mes¬ 
sages  accordingly.  Queue  Opti¬ 
mizer  lets  customers  choose 
when  they  would  like  the  system 
to  call  back,  rather  than  waiting. 

•  Blue  Pumpkin,  which  is 
launching  its  new  Workforce 
Optimization  Suite.  The  suite 
pools  two  new  performance- 
based  modules  —  Activity 
Manager,  which  tracks  how  call 
center  employees  spend  their 
time,  and  Advisor,  which  high¬ 
lights  agents’  successes  and 
problem  areas  —  with  existing 
scheduling  components. 

•  Vertical  Networks,  which  has 
aimed  new  IVR  technology  in  its 
Call  Management  Suite  software 
at  smaller  shops,  for  whom  the 
price  of  IVR  technology  often  is 
prohibitive. 

The  application  runs  on  the 
vendor’s  InstantOffice  line  of 
converged  PBX  phone  systems 
for  small  and  midsize  compa¬ 
nies  and  can  provide  call  rout¬ 
ing  and  queuing, along  with  IVR 
applications  for  letting  cus¬ 
tomers  interface  with  the 
phone  system  through  spoken 
commands  ■ 

Get  more  infonutinn  online. 
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Corrections 


■  A  pie  chart  with  the  story 
“Microsoft  to  offer  stand-alone 
Active  Directory”  (July  22,  page 
7)  should  have  indicated  it  rep¬ 
resented  Windows  2000  users’ 
adoption  of  a  directory  and  not 
the  market  at  large. 


I  k  If  people  don’t  plan  for  VoIP  and  put 
together  a  migration  strategy,  they’re  just 
going  to  buy  something  cool  because  some 
vendor  bends  the  right  ear.99 

Lori  Bocklund 

Vice  president,  Vanguard  Communications 
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Takes 


■  IBM  last  week  announced  an  addi¬ 
tion  to  the  low  end  of  its  Intel-based 
server  line,  along  with  a  new  cabling 
technology  designed  to  help  users 
who  manage  large  numbers  of  rack¬ 
mounted  servers.  The  x345  server 
will  start  shipping  this  week  as  either 
a  one-  or  two-processor  system  run¬ 
ning  on  2-,  2.2-  or  2.4-GHz  Intel  Xeon 
processors.  The  rack-mount  system 
will  fit  six  hot-swappable  hard  drive 
bays  and  five  PCI  slots  into  a  2U  (3.5- 
inch)  space.  The  new  server,  along 
with  the  rest  of  IBM's  Intel  line,  will 
work  with  its  new  Advanced  Con¬ 
nectivity  Technology  for  reducing 
the  number  of  cables  cascading  from 
the  back  of  a  rack  chassis,  ACT  lets 
customers  connect  each  server  to  its 
closest  neighbor  in  the  rack  and  then 
have  the  last  server  in  the  chassis 
plug  into  a  management  switch.  With 
IBM's  technology,  up  to  256  servers 
can  be  connected  into  the  one 
switch.  IBM's  Remote  Console  Man¬ 
ager,  which  uses  ACT  and  lets  ad¬ 
ministrators  log  on  remotely  to  all 
the  connected  servers,  starts  at 
$1,300  and  will  be  available  this  week. 
The  x345  server  starts  at  $2,800  with 
one  2-GHz  Xeon  chip.  The  server  sup¬ 
ports  Windows  NT/2000,  Novell’s 
NetWare  and  Linux  distributions  from 
Red  Hat,  SuSE  Linux  AG  and 
Caldera,  www.ibm.com 

■  IBM  and  Palm  will  develop  soft¬ 
ware  to  let  users  of  wireless-enabled 
Palm  handheld  devices  remotely  ac¬ 
cess  IBM  business  applications.  The 
companies  also  will  jointly  develop 
applications  targeted  at  business 
users  of  the  Palm  handheld.  A  ver¬ 
sion  of  Sametime,  the  instant-mes¬ 
saging  client  for  corporate  users 
made  by  IBM’s  Lotus  will  be  one  of 
the  first  such  applications.  The  first 
release  of  IBM  and  Palm’s  joint  work 
is  scheduled  for  September.  The 
companies  will  jointly  sell  and  market 
the  software.  IBM,  as  part  of  the 
agreement,  will  offer  Palm  PDAs. 

IBM  has  in  the  past  sold  Palm  PDAs 
under  its  own  WorkPad  brand,  but 
stopped  doing  that  earlier  this  year. 
www.palm.com; www.ibm.com 


Call  centers  tackle  IP  telephony 

Converged  networks  change  the  way  customer  contact  shops  operate, 


■  BY  PHIL  HOCHMUTH 

Converged  voice/data  WAN  projects  and 
applications  are  helping  customer  call 
centers  of  all  sizes  lower  costs  and  become 
more  efficient.  Benefits  include  savings  on 
long-distance  and  local  phone  charges, 
and  improved  performance  of  customer 
call  agents  because  of  better-integrated 
voice  and  data  technology 

At  Household  Financial,  convergence  is 
helping  the  financial  services  company 
turn  its  1,500  branch  offices  around  the 
country  into  small,  localized  call  centers 
that  can  serve  customers  over  the  phone  or 
face  to  face. 

The  Prospects  Heights,  Ill.,  firm  recently 
built  a  converged  voice  and  data  network 
with  products  from  Vertical  Networks  and 
an  IP-enabled  nationwide  T-l  backbone 
from  AT&T.  In  each  office,  a  Vertical  Instant- 
Office  3500  was  installed,  which  acts  as  a 
small-office  PBX,  a  LAN  switch  and  a  plat¬ 
form  for  computer  telephony  applications. 


Household  branch  offices  provide  loan 
application  and  other  financial  services 
to  regional  customers.The  branches  were 
once  connected  to  a  centralized  data¬ 
base  via  dedicated  56K  bit/sec  data  cir¬ 
cuits,  while  each  office  had  anywhere 
from  five  to  15  outside  telephone  lines  for 
customer  support. 

By  combining  the  branch  offices’  voice 
and  data  onto  single  T-l  lines  from  AT&T, 
the  total  telecom  savings  among  the 
branches  is  expected  to  be  about  $4.5  mil¬ 
lion  per  year,  says  Ken  Harvey,  CIO  for 
Household.  In  addition,  with  the  new  con¬ 
verged  network,  branches  get  nearly  three 
times  the  WAN  bandwidth  as  before. 

But  that’s  not  the  biggest  plus,  he  says. 

“What  the  converged  network  has 
allowed  us  to  do  is  to  make  every  branch 
office  its  own  call  center,”  he  says.  Along 
with  converged  WAN  traffic,  the  Instant- 
Office  PBX/server  is  used  as  a  platform 
for  customer  interaction  applications  nor¬ 
mally  found  in  larger  call  center  systems. 


IP  makes  contact 

IDC  expects  that  many  call 
centers  will  look  to  convergence 
technology  by  next  year. 

Worldwide  converged  PBX  revenue  by  application 
in  2003 


For  example,  the  box  integrates  caller  ID 
with  Household’s  custom-built  CRM  sys¬ 
tem,  letting  customer  records, such  as  loan 
processing  updates,  pop  up  on  an  agents’ 

See  Gall  center,  page  16 


Route-control  gear  gets  smarter 

New  software  features  enable  more  sophisticated  routing  decisions. 


■  BY  TIM  GREENE 

With  an  eye  toward  helping  customers 
reduce  Internet  connectivity  costs,  Route- 
Science  Technologies  and  Proficient  Net¬ 
works  are  adding  features  to  their  route- 
control  equipment  that  lets  the  equipment 
weigh  the  shifting  costs  of  ISP  connections 
to  choose  the  best  link. 

These  route-control  server  appliances  sit 
on  LANs  at  customer  sites  that  have  multi¬ 
ple  Internet  connections,  and  they  deter¬ 
mine  which  one  is  best  —  taking  into 
account  price,  how  close  customers  are  to 
exceeding  the  usage  they  have  contracted 
for  and  how  well  each  link  is  performing. 

RouteScience  is  introducing  new  fea¬ 
tures  with  Version  2.0  of  its  RouteScience 
Operating  System  (RSOS  2.0), including  the 
ability  to  reduce  the  number  of  route 
changes  by  requiring  a  significant  improve¬ 
ment  in  performance  before  making  a 
change.  If  performance  for  the  current  link 
falls  within  an  acceptable  range  set  by  the 
customer,  RSOS  2.0  and  the  P&thControl 
appliance  won’t  switch  to  another  ISP  that 


Paying  the 

Route-control 
a  major  investn 

Product 

price 

equipment  can  be 
lent  for  businesses. 

Price 

netVmg 

$150,000— $250,000 

Opnix 

$100,000 

Proficient 

$35,000— $50,000 

Radware 

$39,000— $79,000 

RouteScience 

$30,000—  $250,000 

might  be  faster.  This  helps  prevent  the  vol¬ 
ume  of  route  changes  from  becoming  a 
factor  in  degrading  performance. 

RSOS  2.0  monitors  traffic  over  each  link 
and  switches  it  to  other  links  before  use 
exceeds  the  limit  at  which  prices  go  up. 

RouteScience  also  supports  new  reports, 
including  a  high-level  analysis  of  traffic  and 
costs,  designed  to  help  network  executives 
explain  the  benefits  of  the  devices  to  CEOs 


and  CTOs  who  don’t  directly  manage  the 
devices  but  want  to  see  whether  they  are 
saving  money  It  also  provides  a  report  esti¬ 
mating  the  current  bills  from  each  ISP 
RouteScience  gear  can  send  the  bills  auto¬ 
matically  via  e-mail. 

Meanwhile,  Proficient  is  adding  price- 
based  load-sharing  support  to  its  Policy 
Engine  software.  The  support  lets  cus¬ 
tomers  pick  the  fastest  route  for  priority 
traffic  but  the  lowest-cost  route  for  the  rest. 
Fblicy  Engine  keeps  track  of  the  pricing 
structure  for  each  Internet  link  and  weighs 
the  current  prices  against  each  other.  The 
benefit  would  be  to  get  the  performance 
required  for  certain  applications  while 
keeping  costs  down  as  much  as  possible. 

This  feature  also  will  let  customers  make 
sure  bills  from  service  providers  are  accu¬ 
rate,  says  Zeus  Kerravala,  an  analyst  with 
The  Yankee  GroupTIf  you  understand  what 
you’re  paying  your  provider  and  you  know 
how  much  traffic  is  going  through  their 
pipe, you  should  be  able  to  tell  them  down 
to  the  penny  what  you  should  be  paying 
See  Route  control,  page  16 


•Check  with  your  service  provider  for  avatlabi'tfy  2002  Reseaich  In 
Motion  Limited  (RIM).  All  rights  reserved  BiackBer  v  «•  end  to  end 
wireless  solution  developed  by  RIM  BlackBerty  in?  BU:  v.^erry  logo,  the 
"envelope  in  motion*  symbol.  RIM.  the  RIM  Wireless  fandNnd  family  of 
marks  and  the  RIM  logo  are  trademarks  or  registered  tvJ*\-  ,  <s  of  RIM 
All  other  trademarks  are  the  properties  of  their  respecti'-**  owners. 
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know. 


Out  of  the  office  used 


to  mean  being  out  of  touch.  Now  there's  BlackBerry,™  the  wireless  enterprise  solution 
that  keeps  your  team  connected  to  people  and  information  while  on  the  go.  Designed 
specifically  for  the  enterprise,  BlackBerry  is  a  totally  integrated  solution  that  includes: 

•  advanced  wireless  handhelds  with  optional  data  and  phone  services* 

•  software  that  integrates  seamlessly  with  Microsoft®  Exchange  and  Lotus’  Domino'' 

•  a  powerful  platform  based  on  open  standards 

•  end-to-end  security  with  Triple  DES  encryption 

With  BlackBerry  Enterprise  Server  software,  IT  benefits  from  centralized  management 
and  control  with  impressive  ROI  potential.  Mobile  users  stay  connected  and 
productive.  For  those  in  the  know,  BlackBerry  has  become  the  corporate  standard 
for  wireless  connectivity. 
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Most  columns  bring  in  responses 
from  readers,  but  the  last  one 
(about  Microsoft’s  Palladium  initia¬ 
tive)  brought  forth  quite  a  few. Surprisingly, 
many  used  the  same  phrase.  Not  surpris¬ 
ingly  the  phrase  was  mostly  misused. 

One  of  the  problems  1  foresaw  with 
Palladium  was  that  Microsoft  was  promis¬ 
ing  to  publish  the  source  code. 

I  said  this  was  similar  to  providing  bur¬ 
glars  with  a  wiring  diagram  of  your  alarm 
system.  Most  of  the  readers  commenting 
on  the  column  accused  me  of  promoting 
“security  by  obscurity1 


Security  by  obscurity? 


Certainly  source  code  is  less  obscure  to 
read  than  compiled  code,  which  was  pre¬ 
cisely  my  point. 

The  phrase  “security  by  obscurity”  was 
originated  to  describe  the  activity  of  soft¬ 
ware  companies  that  chose  to  attempt  to 
hide  the  knowledge  of  security  holes  in 
their  products.  Microsoft, among  others, has 
been  guilty  of  this.Typically  this  comes  up 
when  one  group  or  another  announces 
that  a  security  hole  has  been  found  before 
the  vendor  can  supply  a  patch.  Of  course, 
the  vendor  would  prefer  that  the  group  not 
“go  public”  until  the  patch  is  released. The 
vendor  believes  that  by  obscuring  the  evi¬ 
dence  of  the  hole,  the  security  of  the  sys¬ 
tem  is  enhanced. 

Unfortunately  the  open  source  commu¬ 
nity  and  others  have  co-opted  this  phrase 
as  somehow  being  evidence  that  source 
code  should  be  made  available.  Some¬ 
how  they  think  that  poring  over  the  code 


will  reveal  a  potential  exploit  before  it  can 
occur.  While  that’s  theoretically  possible,  it 
is  just  as  likely  that  someone  will  read  the 
code,  discover  a  flaw  and  exploit  it. 

With  open  source  software,  it  is  easier  to 
fix  a  flaw,  as  anyone  can  modify  the  code. 
Of  course,  that  usually  means  multiple  ver¬ 
sions  of  the  code.  With  so-called  propri¬ 
etary  code  you  do  have  to  wait  for  the  ven¬ 
dor  to  fix  it.So  by  publishing  the  source  but 
not  allowing  others  to  modify  it  Microsoft  is 
providing  the  worst  of  two  worlds:  letting 
the  exploits  be  discovered  quickly  but  not 
letting  you  fix  them.That’s  what  makes  pub¬ 
lishing  the  source  code  a  bad  idea. 

Precision  is  important,  both  in  coding 
and  in  communicating.  Remembering  the 
precise  use  of  a  variable  contributes  to 
good  coding.  Remembering  the  precise 
use  of  a  cliche  or  catch-phrase  contributes 
to  good  communicating.Thus  it  is, and  thus 
it  always  has  been. 


Kearns,  a  former  network  administrator, 
is  a  freelance  writer  and  consultant  in 
Silicon  Valley.  He  can  be  reached  at 
wired@vquili  com. 


Tip  of  the  Week 


The  Web  site  www.micro 
soft.com/windows.net 
server/  is  a  treasure  trove  of 
information  about  the  up¬ 
coming  release  of  Micro¬ 
soft’s  .Net  server,  the  suc¬ 
cessor  to  Windows  2000. 
Start  reading  now  so  you’ll 
be  ready  for  the  release 
later  this  year. 


Call  center 

continued  from  page  13 

screen  before  he  says  “hello.” 

The  InstantOffice  server,  integrated 
with  Household’s  back-end  systems,  lets 
agents  pull  up  customer  documents  over 
the  WAN  from  a  centralized  database 
housed  in  Chicago.  Documents  also  can 
be  faxed  from  Household  branches  to 
customers  through  an  application  inter¬ 
face  on  the  desktop. 

The  market  for  converged  voice  platform 
next  year  —  which  includes  IP  PBXs  and 
IP-enabled  PBXs,  or  phone  systems  con¬ 
nected  via  data  lines  —  will  reach  $231 
million,  up  from  just  $7  million  four  years 
ago,  according  to  IDC.This  comes  as  larger 
companies  have  ramped  up  customer  ser¬ 
vice  efforts  among  businesses.  A  recent  IDC 
study  found  28%  more  businesses  created 
IT  budgets  specifically  for  call  centers  in 
2001  vs.  2000. 

The  traditional,  or  circuit-switched,  call 
center  market  is  led  by  Nortel,  Avaya, 
Siemens  and  Aspect,  which  sell  automatic 
call  distributors  (ACD),  or  beefed-up  PBXs 
that  can  handle  the  large  call  volume. 

Companies  including  Alcatel,  Cisco, 3Com 
and  smaller  players  such  as  Vertical  Net¬ 
works  and  Altigen  have  added  call  center 
capabilities  to  their  IP  PBXs,  while  the  tradi¬ 
tional  players  have  gotten  into  the  act  with 
lP-enabling  add-on  software  for  their  ACDs 
and  pure  IP  call  center  software  that  can 
run  on  top  of  server-based  IP  PBX  products. 

Integrated  apps  create  efficiency 

Integrated  IP/telephony  applications  also 
are  making  enterprise  call  centers  more 
efficient  at  reaching  customers. 

If  you  get  a  call  from  Bass  &  Associates, 
an  Atlanta  law  firm  that  provides  out¬ 
sourced  bankruptcy  and  collection  call 
services  for  credit  card,  cell  phone  and 
consumer  loan  companies,  you  probably 
don't  care  that  the  company  uses  an  inte¬ 
grated  voice/data  system  to  streamline  its 
calling  prrrcess. 


But  the  Conversations  4.0  predictive 
dialing  software  from  Divine  lets  the  firm’s 
agents  make  70%  more  calls  daily  accord¬ 
ing  to  Jack  Stephens,  senior  account  exec¬ 
utive  with  Bass,  who  oversaw  the  installa¬ 
tion  of  the  Conversations  server.  The  Con¬ 
versations  server  has  let  the  Bass  law  firm 
double  the  money  it  collected  for  its  clients 
each  month,  he  adds. 

The  Conversations  application  runs  on  an 
IBM  RS6000  server,  which  connects  to  the 
firm’s  IBM  AS/400  and  a  Lucent  G3  PBX.The 
Conversations  server  places  the  call  for  the 
agent,  and  a  desktop  application  screen 
brings  up  the  customer’s  data  from  the 
AS/400  for  the  agent  to  read. 

Because  Conversations  runs  over  IP 
Stephens  has  extended  the  server  over  the 
company’s  VPN  to  a  second  call  center  in 
Tucson,  Ariz.,  that  conducts  collection  calls 
during  West  Coast  business  hours. 

“Running  the  [Conversations]  applica¬ 
tion  over  the  network  let  us  add  more 
agents  in  the  Tucson  office,”  Stephens  says, 
which  has  helped  ramp  up  collections  on 
the  West  Coast. 

Some  call  centers  still  circuit  switch 

While  IP  telephony  and  voice  over  IP 
have  been  deployed  in  a  few  large  call  cen¬ 
ters,  the  base  telephony  gear  in  the  largest 
call  centers  will  remain  circuit-switched  for 
the  time  being,  some  users  say 

“The  reality  is  that  we’ve  got  a  huge  invest¬ 
ment  in  PBXs  that  work,"  says  Tom 


More  online! 

Stay  on  top  of  the  latest  convergence  news, 
opinions  and  more. 
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McCormick,  senior  technical  analyst  with 
Carnival  Cruises  in  Miami.  “We  are  a  call 
center  for  the  most  part;  that’s  where  all  of 
our  customer  service  is.” 

IP  voice  gear  such  as  IP  phones  and  PC- 
based  softphones  might  promise  improved 
features  and  more  closely  integrated 
voice/data  applications,  McCormick  says, 
but  he  does  not  think  the  technology  is 
ready  for  prime  time  on  the  scale  of 
Carnival’s  contact  centers. 

“[IP  PBXs]  are  not  meant  to  be  comple¬ 
mentary  or  compatible  with  existing  PBXs, 
generally”  McCormick  says.  “From  the 
ground  up  they’re  great,  but  we’re  not  ready 
to  risk  that  technology  in  our  call  center’’ 


Route  control 
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them  each  month,”  he  says. 

Bills  for  services  that  are  based  on  a  flat 
fee  for  a  certain  amount  of  bandwidth,  but 
then  charge  a  separate  usage  fee  for  traffic 
that  bursts  above  that  level  are  difficult  to 
predict  month  to  month,  Kerravala  says. 

This  feature  could  also  be  used  to 
divert  traffic  away  from  heavily  used  links 
before  it  bursts  into  the  higher  price, 
Kerravala  adds. 

The  company  also  sells  its  software  in 
modules,  so  customers  can  buy  software 
keys  to  unlock  new  capabilities  as  they 
need  them. So, a  customer  could  buy  a  key 
to  unlock  the  ability  to  make  decisions 
based  on  variable  pricing  vs.  fixed  pricing. 

Proficient  now  can  pair  its  devices  so 
one  stands  ready  to  take  over  if  the  pri¬ 
mary  one  fails. 

Separately,  Sockeye  Networks,  a  route- 
control  managed  service  provider,  is 
teaming  with  InvisibleHand  Networks  to 
support  automated  bandwidth-trading 
services.  The  two  companies  will  supply 
their  respective  software  and  services  that 
let  businesses  bid  on  backbone  IP  band¬ 
width  based  on  price  and  the  perfor¬ 
mance  of  the  network  on  which  the  traffic 


Carnival  runs  two  call  centers  based  on 
Avaya  G3  PBX  systems  —  in  Colorado 
Springs  and  Miramar,  Fla.,  to  cover  both 
sides  of  the  U.S.The  Colorado  and  Florida 
centers  have  250  and  700  agents  working  in 
them,  respectively  and  the  cruise  company 
is  building  a  third  call  center  in  Miami  that 
will  house  another  700  agents. 

“For  any  other  department  that’s  not  our 
breadwinner,  [IP  voice]  is  great,”  he  says. 

“Take  my  IT  department,  where  it  doesn’t 
really  matter  how  good  the  quality  of  a  call 
is.  We’re  not  losing  money  there  if  a  phone 
isn’t  working.  There’s  no  reason  to  buy  a 
non-IP  phones  for  non-reservation-related 
departments,”  McCormick  says.  ■ 


will  travel. 

Corporate  customers  that  want  to  buy 
such  bandwidth  at  auction  would  con¬ 
nect  to  a  bandwidth  marketplace  service 
via  an  access  connection.  Using  agent 
software,  they  would  specify  that  they 
want,  for  example,  5M  bit/sec  of  band¬ 
width  for  a  month  for  less  than  $2,000  with 
less  than  60  msec  of  network  delay.  Sellers 
at  the  marketplace  would  advertise  what 
bandwidth  they  have  to  sell. 

Sockeye’s  Global  Route  service  would 
determine  which  sellers’  networks  met  the 
performance  requirements  and  report 
back  to  the  agent  software.  InvisibleHand’s 
Merkato  software  would  determine  which 
met  the  price,  and  the  agent  would  pick 
the  best  deal. 

Corporate  customers  of  such  a  service 
could  buy  bandwidth  in  time  intervals  as 
small  as  5  minutes, so  they  would  be  buy¬ 
ing  just  the  bandwidth  they  need. 

RouteScience:  www.routescience.corn; 
Proficient:  www.proficientnetworks.com; 
Sockeye:  www.sockeye.com 
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Imagine  it: 

Scaling  up  to  a  server  for  mission-cr 
applications  that’s  stable,  easy  to 
delivers  enterprise-class  performance, 
server  that  maximizes  the  benefits 
enterprise  operations. 


Unisys  has  made  it  all  real  with  our  ES7000  server. 
It  harnesses  32  Intel®  Xeon™  Processors  for 
scalability  and  grown-up  enterprise-class 
performance.  Unisys  has  created  a  server  with 
advanced  systems  management  for  less 
babysitting  and  rock-solid  reliability  running 
Microsoft®  Windows®  2000  Datacenter  Server 
software.  It  all  adds  up  to  reduced  total  cost  of 
ownership  and  a  mature  server  environment  to 
simplify  your  operations. 


©  2002  Unisys  Corporation  Unisys  is  a  registered  trademark  of  ( 
Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  traar . 
or  its  subsidiaries  in  the  United  States  and/or  other  countries  ©  2 
All  rights  reserved.  Microsoft.  Windows  and  the  Windows  logo  are  < 

nr  trademarks  nf  Mirrnsn/t  C.nrnnratinn  in  the  United  States  and/ni 


s  Corporation.  Intel,  the 
ks  of  Intel  Corporation 
Microsoft  Corporation. 
ir  registered  trademarks 


Server  Technology  with  precision  thinking, 


relentless  execution  to  driv 


vision  forward. 


\ _ _ 


Imagine  it.  Done. 


Advertising  Supplement 


I 


uilding  the  Optical  Enterprise 

Cisco  COMET  provides  an  optical  answer  to  enterprise  requirements  for  voice, 

IP  convergence,  storage  and  more. 


Voice 


AS  ENTERPRISE  NETWORKS  INCREASE 

in  importance  to  business  operations,  network  architects 
must  continually  look  for  ways  to  meet  new  demands  for 
bandwidth,  resilience  and  performance.  At  the  same  time, 
enterprises  are  under  pressure  to  contain  costs  even 
while  they  are  being  asked  to  improve  service. 

Explosive  growth  in  e-commerce  and  Internet  transactions  is  driving  require¬ 
ments  for  higher  network  bandwidths.  For  many,  the  most  efficient  way  to  meet 
this  demand  is  to  build  a  single  high-performance  network  that  can  handle  all 
their  voice,  data  and  video  network  requirements.  Increasingly,  customers  will 
find  this  new  network  infrastructure  is  built  on  top  of  optical  technology.  Vendors 
such  as  Cisco  Systems,  with  its  Complete  Optical  Multi-service  Edge  and 
Transport  (COMET)  product  portfolio,  are 
delivering  optical  technology  tailored  to 
meet  enterprise  requirements. 

Enterprise  networks  have  grown  to  employ 
a  mix  of  services.  A  typical  network  may  have 
TDM  private  lines  supporting  voice  with 
frame  relay  and  ATM  services  handling  data, 
at  speeds  ranging  fromTI/EI  toT3/E3  or  even 
OC-3/STM-1  and  above.  On  the  LAN, 

Ethernet  rules,  with  speeds  consistently 
increasing  from  its  original  10Mbps  roots  on 
copper  wire,  to  100M  and  gigabit  speeds  on 
both  copper  and  fiber.  Now  lOGbps  Ethernet 
is  even  starting  to  emerge  in  both  the  LAN 
and  metropolitan-area  networks  (MANs). 

Today,  most  Ethernet  LANs  are  used  to 
transport  IP  traffic.  Once  used  solely  to 
carry  data,  with  the  dramatic  increase  in 
LAN  speeds  and  accompanying  improve¬ 
ments  to  the  protocol  itself,  IP  is  now  doing 
far  more.  Enterprises  are  finding  they  can 
build  all-IP  networks  that  support  all  of  their 
voice,  video  and  data  network  applications. 

Vendors  like  Cisco,  with  its  Architecture  for 
Voice,  Video  and  Integrated  Data  (AVVID), 

are  delivering  network  switches,  routers  and  other  components  that  make  truly 
converged  networks  possible.  AVVID  guarantees  not  only  the  availability  of 
large  amounts  of  bandwidth,  but  the  quality  of  service  (QoS)  characteristics 
required  by  delay-sensitive  applications  like  voice  and  video. 

Storage  is  another  application  that  comes  with  stringent  performance  and 
bandwidth  demands.  Whether  the  enterprise  chooses  to  deploy  storage-area 
networks  (SANs)  or  network-attached  storage  (NAS)  devices,  they  need  a  reli¬ 
able,  high-speed  network  underneath.  Business  continuance  applications  that 
demand  off-site  storage  require  these  networks  be  extended  across  the  metro 
area,  with  bandwidth  and  reliability  requirements  that  are  nearly  impossible  to 
achieve  with  traditional  wide-area  transport  services  such  as  frame  relay  and 
private  leased  lines. 

Converging  on  COMET 

A  confluence  of  factors  is  now  making  it  possible  for  enterprises  to  support 
bandwidth-intensive  applications  such  as  storage  consolidation  and  disaster 
recovery.  First  is  the  ability  to  lease  dark  fiber-optic  cable  and  optic  wavelengths 
from  service  providers.  Increasingly,  enterprises  are  finding  that  fiber  or  wave¬ 
lengths  are  available  to  a  number  of  their  buildings  in  any  given  metro  area,  hav¬ 
ing  been  laid  years  ago  by  carriers  in  anticipation  of  future  requirements.  New 
fiber  is  likewise  being  installed  at  a  steady  pace,  in  both  the  WAN  and  the  MAN. 

At  the  same  time,  carriers  and  enterprises  alike  now  have  the  technology 


required  to  “light”  that  previously  dark  fiber  and  use  it  to  support  their  myriad 
bandwidth  and  application  requirements.  Optical  technologies  like  Wave  Division 
Multiplexing  (WDM)  enable  any  service  to  be  carried  over  wavelengths  of  light. 
WDM,  integrated  as  part  of  a  Multi-service  Provisioning  Platform  (MSPP),  can 
carry  anything  from  Ethernet  traffic  to  ATM,  frame  relay  and  private  lines. 

“Optical  Fiber  and  DWDM  technology  enable  enterprise  customers  to  create  a 
very  high  bandwidth  optical  infrastructure  in  the  MAN  today,"  says  Carl 
Engineer,  director  of  marketing  at  Cisco.  "Multiple  wavelengths  can  be  used  to 
aggregate  all  types  of  traffic,  from  lower-speed  services  on  one  wavelength  of 
light  and  higher-bandwidth  services  such  as  ESCON,  Fibre  Channel  and  uncom¬ 
pressed  digital  video  over  other  wavelengths.” 

Cisco  gives  enterprises  the  opportunity  to  take  advantage  of  optical  technolo¬ 
gy  through  its  COMET  product  portfolio.  COMET  provides  an  array  of  optical 
networking  equipment  that  enables  enterprises  to  extend  and  manage  across 
the  MAN  all  the  voice,  data  and  video  applications  that  Cisco  AVVID  technolo- 

Cisco  COMET:  The  Optical  Foundation  for  Cisco  AVVID 

The  Cisco  COMET  portfolio,  anchored  by  the  ONS  switch  family,  enables  enterprises  to  support  any  mix  of  voice, 
video,  data,  storage  and  disaster  recovery  applications. 
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gy  has  long  supported  in  campus  networks. 

COMET  builds  on  the  wealth  of  experience  in  routing  and  switching  that  is 
inherent  in  the  Cisco  IOS  infrastructure  and  blends  it  with  carrier-class  optical 
technology.  COMET  provides  for  the  provisioning  of  any  enterprise  network  ser¬ 
vice  or  application  over  an  optical  network  with  no  single  point  of  failure.  QoS 
capabilities  are  likewise  supported  end-to-end,  as  COMET  equipment  can  inter¬ 
operate  fully  with  an  enterprise's  existing  Cisco  internetworking  equipment  and 
with  carrier-provided  services. 

That’s  an  important  point,  Engineer  notes,  because  fiber  deployment  is  an  evo¬ 
lutionary  process.  "In  any  one  city,  the  probability  that  you’ll  be  able  to  tie  100% 
of  your  buildings  together  with  fiber  is  fairly  low,  but  there’s  a  high  probability 
that  you'll  be  able  to  reach  40%, ”  he  says.  That  means  enterprises  will  need  a 
hybrid  architecture  for  some  time,  one  capable  of  mixing  private  optical  services 
where  fiber  is  available  and  carrier-provided  services  where  it  is  not. 

Over  time,  enterprises  will  be  able  to  converge  all  of  their  voice,  data,  video  and 
storage  networks  onto  a  single,  highly  resilient  optical  infrastructure,  providing 
cost  efficiencies  in  terms  of  operational  expenses  and  recurring  carrier  charges 
while  positioning  the  enterprise  to  meet  future  demands. 

In  short,  the  Cisco  COMET  portfolio  enables  enterprises  to  cost-effectively 
meet  the  demand  for  reliable,  high-performance  networks  that  support  con¬ 
verged  voice,  data  and  video  applications  today  while  positioning  them  to  meet 
whatever  new  requirements  the  future  may  bring. 


Learn  more  about  optical  networking: 

Download  the  white  paper,  "Cisco  COMET:  Optical  Networking  Solutions  for  the  Enterprise/ 

from:  www.nwfusion.com/gocc/cometwp2. 
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Mirrored  firewalls  provide  some  com¬ 
fort  to  Don  Hoffman,  who  watches  over 
The  Mony  Group's  extended  enterprise 
network  as  director  of  IT  security. 


Today's  world  of  open  network  access  means 
rethinking  the  role  of  the  firewall. 

By  Bob  Violino 


Obviously,  the  firewall  can  no 
longer  stand  alone  against  all 
nasty  intrusions.  The  chances 
that  a  virus  or  other  ill-intended 
probe  will  penetrate  a  compa¬ 
ny’s  firewall  rises  almost  daily, 
especially  when  ports  are 
opened  to  give  people  outside 
the  physical  perimeter  access. 

Not  that  most  network  execu¬ 
tives  can  even  define  the 
perimeter  any  longer.  The  dis- 
between  what’s  inside 


and  outside  the  corporate  realm 
has  vanished.  In  its  stead  has 
come  modified  perimeter  ar¬ 
chitectures,  built  using  more 
advanced  firewalls  that  follow 
tenets  of  a  security  model  for 
today’s  realities  (see  related 
story,  page  6). 

When  network  managers  be¬ 
gan  deploying  firewalls  as  secu¬ 
rity  tools  a  decade  ago,  they 
could  easily  define  the  network 
perimeter.  Most  people  who 
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had  access  to  corporate  net¬ 
works  worked  on  desktop  com¬ 
puters  in  the'  main  office;  exter¬ 
nal  links  to  business  partners 
were  virtually  nonexistent.  A 
simple  firewall-based  demilita¬ 
rized  zone  between  the  private 
and  public  network  made 
sense.  But  today’s  practice  of 
allowing  access  to  corporate 
data  to  anyone  who  might  need 
il  —  mobile  workers,  telecom¬ 
muters,  business  partners,  sup¬ 
pliers  —  from  wherever  they  are 
over  wired  or  wireless  links 
turns  that  sensible  decision  into 
a  foolish  one. 

To  provide  a  high  level  of  ac¬ 
cess,  companies  punch  holes 
through  the  firewall  barrier  and 
hide  data  from  the  firewall’s 
view  by  using  technologies 
such  as  VPNs  and  encryption. 
This  cripples  firewalls  —  as  they 
were  originally  designed  —  and 
keeps  them  from  protecting 
companies  against  attacks, 
high-tech  vandalism,  theft  of 
data  or  other  security  breaches. 

On  the  attack 

Data  from  the  Computer  Se¬ 
curity  Institute  ((’SI)  shows  the 
number  of  security  breaches, 
already  high,  has  grown  in  the 
past  year.  CSI’s  2002  Computer 
Crime  and  Security  Survey,  re¬ 
leased  in  April,  indicates  that 
90%  of  the  503  participating 
U.S.  organizations  detected 
computer  security  breaches 


within  the  previous  12  months, 
up  from  85%  in  the  previous 
year.  Eighty  percent  of  the 
organizations  said  they  suffered 
financial  losses  because  of 
computer  breaches,  up  from 
64%  the  year  before. 

About  75%  of  survey  respon¬ 
dents  said  their  Internet  connec¬ 
tion  was  a  frequent  point  of 
attack,  compared  with  33%  who 
cited  their  internal  systems  as 
such.  Forty  percent  detected 
system  penetration  from  the  out¬ 
side,  85%  detected  computer 
viruses  and  70%  of  those 
attacked  reported  vandalism. 

“Companies  need  to  provide1 
a  lot  of  access  to  their  partners, 
customers  and  employees 
today,  and  they’re  using  tech¬ 
nologies  like  Web  services  and 
extranets  more  frequently.  All 
of  this  points  to  the  fact  that 
perimeter  security  by  itself  is  no 
longer  adequate,”  says  Laura 
Koetzle,  security  analyst  with 
Forrester  Research. 

“Businesses  need  to  have  fire¬ 
walls,  but  there  must  be  various 
layers  of  firewalls  as  well  as 
clear  policies  that  determine 
how  these  firewalls  interact,” 
Koetzle  says,  “Having  nothing 
protecting  the  middle  of  the 
enterprise  is  a  sure  way  to  let 
someone  come  in  and  do  max¬ 
imum  damage.” 

In  a  survey  of  50  IT  managers 
conducted  by  Forrester  earlier 
this  year,  “openness  of  our  net- 


Too  many  holes 

The  openness  of  corporate 
networks  —  i.e.,  firewall- 
based  perimeters  riddled 
with  holes  — is  causing 
serious  concern  for  IT 
managers. 

What  is  your  biggest  IT 
security  concern? 

Viruses 


32% 


Openness  of  our  network 


22% 


Lack  of  user  awareness 


16% 


Privacy 


12% 


Lack  of  resources 


8% 


Denial  of  service 


Lack  of  internal  collaboration 

2%  | 

SOURCE:  FORRESTER  RESEARCH 

work”  was  the  second  most  ■ 
common  response  given  (after  ; 
viruses)  when  managers  were  i 
asked  to  name  their  biggest  IT  i 
security  concern. 

On  the  defense 

Firewall  vendors  such  as  i 
Check  Point  Software,  Cyber- : 
Guard,  Network  Associates,  i 
Secure  Computing  and  Syman-  ! 
tec  are  trying  to  address  the  \ 
needs  of  increasingly  open  net-  i 
works  by  bolstering  firewall  i 


capabilities.  For  example,  they 
are  developing  directory-based 
firewalls  that  issue  access  rights 
after  a  user  has  logged  in  and 
logical  firewalls  that  separate 
groups  within  an  organization. 
Other  initiatives  include: 

•  Designing  firewalls  to  work 
more  easily  with  intrusion- 
detection  systems  and  antivirus 
software,  or  embedding  those 
capabilities  in  firewalls. 

•  Offering  firewall  protection 
for  equipment  such  as  home 
office  computers  and  wireless 
handheld  devices. 

•  Providing  firewalls  that  are 
embedded  in  components 
such  as  network  cards,  so  indi¬ 
vidual  devices  on  a  network 
can  be  protected  against  inter¬ 
nal  and  external  threats. 

•  Offering  filtering  levels  so 
firewalls  can  better  determine 
the  threat  of  specific  messages 
or  applications  being  sent. 

Network  executives  taking 
advantage  of  new  ways  to 
design  firewall  -based  perime¬ 
ters  are  experiencing  good  re¬ 
sults.  The  Mony  Group,  an 
insurance  and  financial  ser¬ 
vices  firm  in  New  York,  has 
installed  mirrored  firewalls  to 
protect  its  perimeter.  If  one  fire¬ 
wall  fails,  another  stands  in  the 
way  and  ensures  protection, 
says  Don  Hoffman,  director  of 
IT  security, 

“This  makes  us  less  vulnerable 
if  we’re  attacked,”  I  loffman 
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says.  “It  used  to  be  there  was  a 
single  point  of  failure.” 

Still,  Hoffman  pressures  fire¬ 
wall  vendors  to  do  a  better  job 
of  getting  fixes  out  when  weak¬ 
nesses  in  firewalls  are  exploited 
or  when  new  threats  emerge 


such  as  logic  bombs  or  spam. 
“That’s  an  underlying  issue  with 
security  We  know  a  vulnerabil¬ 
ity  exists,  but  we  have  to  wait  for 
the  patches  or  upgrades,”  he 
says,  adding,  however,  that  ven¬ 
dors  are  improving.  “They  used 
to  be  a  week  behind  the  prob¬ 
lems  and  now  they’re  two  or 
three  days  behind.” 


Despite  growing  sophistica¬ 
tion,  firewalls  aren’t  enough, 
Hoffman  says.  Mony  also  uses 
VPN,  IDS,  authentication  and 
other  technologies  to  secure  its 
corporate  network.  Plus,  Mony  is 
exploring  whether  internal  fire¬ 


walls  would  be  useful  in  pro¬ 
tecting  particular  departments 
and  even  individual  devices. 

Of  course  new  firewall  tech¬ 
nology  is  only  a  partial  solution. 
Policies  must  also  be  created. 
OSGTap  &  Die,  a  tools  manufac¬ 
turer  in  Glendale  Heights,  Ill., 
uses  Secure  Computing’s  Side- 
Winder  firewall  with  a  built-in 


VPN  to  connect  via  the  In¬ 
ternet  with  its  parent  company 
in  Japan,  offices  in  Europe,  and 
to  selectively  provide  data  ac¬ 
cess  to  workers  in  the  field. 

“When  a  salesman  working  in 
a  hotel  room  needs  to  get  ac¬ 


cess,  he  can  come  in  through 
the  firewall  using  the  client 
VPN  and  I  [can  verify]  he’s 
actually  the  salesman  through 
authentication,”  says  Mike 
McKenna,  IS  manager  at  OSG. 

However,  McKenna  is  cautious 
about  granting  employee  re¬ 
quests  to  transfer  data  to  and 
from  Web  sites  blocked  by  the 


firewall.’The  Swiss  cheese  effect 
comes  into  play  where  you’re 
creating  holes  in  the  firewall, "he 
says.  “We  can’t  just  make  ran¬ 
dom  changes  in  the  firewall  to 
accommodate  all  the  requests.” 

New  policies  really  come 
down  to  common  sense,  says 
Tom  Warfield,  systems  adminis¬ 
trator  in  charge  of  networking  at 
government  contractor  AST  in 
Lawton,  Okla. 

“We  have  a  simple  rule,  if 
you’re  not  using  something, shut 
it  off,”  he  says.  It  might  sound 
obvious,  but  “people  tend  to 
leave  everything  —  desktop 
computers,  laptops  or  other  sys¬ 
tems  —  turned  on,”  and  that  in¬ 
vites  trouble  that  the  firewall 
can’t  always  block. 

Violino  is  a  freelance  writer  cov¬ 
ering  business  and  technology. 
He  can  be  reached  at  bviolino 
@optonline.net. 


‘The  Swiss  cheese  effect  comes  into  play  where 

you're  creating  holes  in  the  firewall.  We  can't  just  make  random 
changes  in  the  firewall  to  accommodate  all  the  requests." 

Mike  McKenna,  IS  manager,  OSG  Tap  &  Die 


Firewalls  and  then  some 


ith  firewalls  no  longer  able  to  be  a  solitary 
[guardian  against  all  potential 
threats,  network  executives  “need 
to  look  at  different  ways  to  take  the 
load  off  the  firewall,"  says  Don 
Hoffman,  director  of  IT  security  at 
The  Mony  Group,  an  insurance  and  financial  servic¬ 
es  firm  in  New  York. 

Hoffman  says  Mony 
is  using  technology 
such  as  IDSs  at  the 
front  and  back  ends  of 
its  firewall  to  help  con¬ 
trol  access  to  internal 
networks  and  data.  He 
says  most  firewall  ven¬ 
dors  will  soon  begin 
building  intrusion- 
detection  capabilities 
into  their  products,  if 
they're  not  already  (see 


related  story,  page  12). 

Firewall  vendors  must  work  with  other 
security  product  developers  to  integrate 

their  products,  says  Tom  Warfield,  systems 
administrator  who's  in  charge  of  networking 
at  government  contractor  AST  in  Lawton, 
Okla.  Warfield  likes  that  his  firewall  supplier, 
Check  Point  Software,  does  so.  “Check 
Point  has  allowed  other  vendors  to  integrate  their  products 
into  the  firewall,  and  it  ensures  that  these  products  meet 
industry  standards  and  certification,"  Warfield  says.  He  cites 
one  such  partnership,  which  integrates  Symantec's 
Norton  AntiVirus  products  with  Check  Point's 
Firewall-1. 

"The  Norton  software  works  well  with  our 
firewall,"  Warfield  says.  “In  the  past  we  had  a 
lot  of  problems  with  people  downloading 
viruses  that  spread  through  the  company." 
The  firewall/antivirus  combination  has  been 
an  effective  solution,  he  says. 


Bob  Violino 
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When  it  comes  to  targeted  hacker  attacks,  Trojan  horses  and  spyware  preying 
on  your  data,  the  last  thing  you  want  is  to  “read  ail  about  it.”  Hackers  not  only  steal  and 
destroy  valuable  information,  they  undermine  your  customer  trust  and  brand  equity  —  wounds  that  can  leave 
you  bleeding  red  ink. 

No  need  to  get  paranoid  —  get  Zone  Labs.  Our  security  solutions  maintain  your  good  reputation  and  safeguard 
critical  data  by  protecting  your  enterprise  network  from  new  and  unknown  hacker  attacks.  In  fact,  Integrity  ”  is 
the  distributed  firewall  solution  that  protects  data  and  productivity  by  securing  vulnerable  remote  and  mobile 
PCs.  So  whether  you  need  centrally  managed  security  or  a  stand-alone  solution,  Zone  Labs  easily  protects  your 
entire  enterprise  network.  Which  is  good  news  for  you  and  bad  news  for  hackers. 


For  the  full  story,  call  us  at  1-877-876-4960  or  visit  www.zonelabs.com/hackerdefense  and  download  our 
whitepaper:  “New  Threats,  New  Solutions”  And  as  luck  would  have  it,  you’ll  find  plenty  of  information  on  all  our 
proven  enterprise  security  solutions. 


SMARTER  SECURITY 


Source:  2002  Computer  Crime  and  Security  Survey.  Computer  Security  Institute  and  FBI.  ©  2002  Zone  Labs.  Inc.  All  rights  reserved.  The  Zone  Labs  logo  is  a  registered  trademark  of  Zone  Labs,  Inc. 
Zone  Labs  Integrity  is  a  trademark  of  Zone  Labs,  Inc.  Zone  Labs  Integrity  protected  under  U.S.  Patent  No.  5.987.611.  Reg.  U.S.  Pat.  &  TM  Off.  V062402 
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Time  for  a,  .new 

security  model 


The  classic  goal- 
oriented  model 
for  security 
design  is  broken. 
Fixing  it  will 
require  new 
attitudes  toward 
security 
planning. 
By  Julie  Bort 


RICHARD  BORGE 


Confidentiality  integrity,  avail¬ 
ability:  The  security  industry 
declares  these  the  goals  of  com¬ 
puter  security  While  this  goal- 
oriented  approach  to  defining 
security  needs,  known  to  secur¬ 
ity  folk  as  the  “CIA  model,”  is 
good  as  far  as  it  goes,  it  no 
longer  goes  far  enough. 

Forged  in  the  early  days  of  the 
Internet’s  commercialization, 


the  classic  CIA  approach  took  ; 
on  authentication,  access  con-  i 
trol  and  nonrepudiation  as  goals  i 
in  the  mid-1990s.Since  then, this  ; 
model  has  become  standard  ; 
security  fare. 

But  the  goal-oriented  ap-  i 
proach  neglects  todays  critical  j 
security  needs,  where  attacks  i 
are  more  sophisticated,  frequent  i 
and  from  a  wider  range  of  i 


sources.  For  instance,  the  tradi¬ 
tional  architecture  for  imple¬ 
menting  the  CIA  model  —  the 
firewall-based  perimeter  —  is 
increasingly  ineffective. 

Worse  still,  the  goal-oriented 
approach  does  nothing  for  the 
other  half  of  good  security  plan¬ 
ning:  risk  assessment.  Risk  as¬ 
sessment,  which  guides  security 
managers  in  prioritizing  security 


YOU'RE  PROTECTED  AGAINST  HACKERS,  VIRUSES  AND  WORMS. 

BUT  WHAT  ABOUT  ROSE  IN  BENEFITS? 


eTrust'"  Security  Solutions 

Complete  protection  for  your  entire  enterprise. 

When  it  comes  to  protecting  your  business,  you  need  security  that  can  protect  your 
enterprise  from  potential  threats,  no  matter  where  they  may  come  from.  That's  exactly 
what  eTrust  does.  Our  family  of  products  allows  you  to  not  only  safeguard  your  entire 
enterprise,  but  also  view  and  manage  that  security  either  centrally  or  from  multiple 
delegated  locations.  So  you  can  continue  to  grow  and  maximize  new  opportunities 
while  minimizing  your  risk.  And  that's  security  you  can  feel  secure  about. 
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spending,  is  sorely  neglected 
even  in  organizations  that  ac¬ 
knowledge  its  importance. 

“We  use  CIA  as  a  guideline,  but 
the  majority  of  what  we  do  now 
is  a  ‘disaster-recovery’  model. 
What  can  we  live  without,  and 
what  is  the  impact  of  without? 
But  our  company  unfortunately 
has  not  done  a  lot  of  risk  assess¬ 
ment  —  only  to  say,  if  we  lost  it, 
what  does  it  hurt?” says  a  senior 


network  security  engineer  for  a 
global,  Fortune  100  food  corpo¬ 
ration  who  asked  not  to  be 
named. 

Despite  these  shortcomings, 
the  security  industry  and  users 
overwhelmingly  assume  that 
CIA  is  the  best  way  to  achieve 
high  security.  Network  execu¬ 
tives  can’t  afford  to  buy  into  that 
assumption. True,  confidentiality 
and  its  five  siblings  forever  will 
be  security  goals.  Yet  goals  are 
only  a  portion  of  the  plan. Other 
portions  should  be  risk  assess¬ 
ment  and  a  modified  version  of 
the  “tried  and  true”  demilitarized 
zone  (DMZ)  perimeter.  Critical, 
too,  is  the  need  to  recognize 
new  goals  as  they  emerge. 

Time  will  tell 

CIA  thinking  has  turned  secu¬ 
rity  planning  into  a  product 
game.  Security  equals  the  instal¬ 
lation  of  point  products  that  per¬ 
form  goal-oriented  tasks.  You  in¬ 
stall  encryption  for  your  confi¬ 
dentiality,  tokens  for  your  au¬ 
thentication,  firewalls  for  your 
access  control,  and  so  on.  If  a 
failure  occurs,  the  theory  goes, 
execution  is  to  blame  (a  missed 
patch  or  faulty  setup),  not  the 


underlying  design. 

But  chasing  after  goals  with 
products  is  a  flawed  tactic  on 
several  counts.  It  can  lead  to 
times  when  the  goal  is  achieved 
but  security  isn’t.  For  instance, 
128-bit  key  encryption  will  en¬ 
dow  critical  e-mails  with  confi¬ 
dentiality,  and  maybe  integrity 
but  it  won’t  stop  a  worm  at  the 
ISP  from  munching  messages 
before  recipients  read  them.  So 


while  the  security  goals  for  mes¬ 
sages  were  met,  the  business 
goal  of  ensuring  safe  delivery  of 
critical  information  was  not. 

Basing  security  on  achieving 
goals  sets  you  up  for  failure 
because  it  requires  always-per- 
fect  product  implementations 
(not  a  real-world  expectation), 
or  at  least  one  back-up  system 
for  every  product  (not  fiscally 
feasible  or  responsible). 

Far  wiser  is  basing  your  secur¬ 
ity  architecture  on  an  accept¬ 
able  percentage  of  time  goals 
should  be  met,  which  is  what 
risk  assessment  tells  you.  If  you 
know  how  much  money  a  spe¬ 
cific  breach  will  cost  the  com¬ 
pany,  you  can  determine  the 
acceptable  percentage  of  time  a 
security  goal  can  be  missed  and 
how  much  to  spend  on  defense. 

This  risk  assessment  will  let 
you  conquer  what  users  say  is 
security’s  biggest  hurdle:  obtain¬ 
ing  adequate  budgets. 

“Security  is  a  hard  sell  be¬ 
cause  if  I’m  doing  my  job  right, 
nothing  happens,” says  Matt  Ray¬ 
mond,  manager  of  information 
security  for  employment  agency 
Robert  Half  International,  in 
Pleasanton,  Calif. 


Risk  assessments  often  are  ne¬ 
glected  because  network  exec¬ 
utives  are  typically  technology 
specialists,  not  risk  analysts.  One 
model  that  simplifies  the  task  is 
time-based  security,  says  its 
developer  Winn  Schwartau,  se¬ 
curity  consultant,  author  and 
Network  World's  “On  Security” 
columnist. 

Time-based  security  lets  secu¬ 
rity  managers  “mathematically 


quantify”  security  risk,  Schwar¬ 
tau  says.  It  assumes  the  worst- 
case  scenario  —  no  security  — 
and  calculates  how  much  dam¬ 
age  could  be  done  in  the  time  it 
takes  a  company  to  detect  a 
hack  and  react  to  stop  it. 

“With  a  jewelry  store,  a  thief 


Security  in  lavers 


Burton  Group’s  “Virtual 
Extended  Network”  model 
is  an  alternative  to  tradi¬ 
tional  demilitarized  zones. 
Its  four  layers  represent 
security  techniques  for 
different  zones  of  use. 
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could  easily  breach  security  — 
just  hammer  through  the  win¬ 
dow.  But  that  triggers  an  alarm. 
How  much  a  thief  can  steal  in 
the  time  it  takes  the  police  to  get 
there  is  the  risk,”  Schwartau  says. 
“Detection  plus  reaction  equals 
risk.  This  is  identical  in  the 
cyberworld.”  The  trick  is  assess¬ 
ing  the  value  of  the  stolen  data, 
he  adds. 

When  following  this  model, 
security  executives  determine 
which  files  could  be  accessed 
in  a  specified  amount  of  time, 
such  as  the  four  days  Schwar¬ 
tau  says  it  typically  takes  to  real¬ 
ize  a  breach. 

Dividing  file  size  by  bandwidth 
will  pinpoint  the  amount  of  time 
a  hacker  would  need  to  grab 
that  file  and,  therefore,  which 
files  are  at  risk.  Myriad  other  for¬ 
mulas  give  security  managers 
other  measurements  of  risk, 
which  they  can  turn  over  to  risk- 
assessment  specialists.  Those 
specialists  can  determine  the 
value  of  that  data  (a  research 
and  development  database  or 
customer  billing  information) 
and  what  it’s  worth  to  secure. 

And  that,  users  say,  is  the  Holy 
Grail. “Executives  recognize  that 
things  need  to  be  done  for  com¬ 
puter  security  but  don’t  have  a 
real  understanding  of  what  the 
computer  systems  do.  I  need  to 
present  it  to  them  in  actuarial 
tables  —  the  way  they  under¬ 
stand,”  the  senior  network  secu¬ 
rity  engineer  says. 

No  more  Tootsie  Pops 

Network  executives  must  also 
revise  their  traditional  models  of 
implementation,  says  Howard 


"Security  is  a  hard  sell  because  if  I'm  doing  my  job 

right,  nothing  happens." 

—  Matt  Raymond,  manager  of  information  security  for  Robert  Half  International 
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Top  Layer's  IDS  Balancer 
enables  100%  coverage 
against  network  intrusions. 


NETWORK-BASED  INTRUSION  DETECTION  SYSTEMS  understand  session  and  flow  information, 

allowing  it  to  balance  on  a  session-by-ses- 

(IDSs)  play  a  critical  role  in  network  security  by  alerting  enterprises  sion  basis.  The  IDS  Balancer  can  pull 

when  intruders  are  knocking  at  the  door.  But  as  traffic  flow  increases  and  L'ara  from  mu*tiP'e  network  segments  and 

re-aggregate  the  session  before  presenting 

hacker  methods  become  more  damaging,  many  IDS  implementations  it  to  the  IDS,  enabling  the  IDS  to  see  the 

cannot  keep  pace,  creating  perfonnance  issues  that  compromise  security.  entire  conversation  and  properly  analyze 

a  potential  attack. 


Load  balancers  can  help  remedy  the 
problem  by  dividing  the  workload  among 
a  number  of  IDS  sensors.  But  IDS  load 
balancers  must  be  able  to  balance  traffic 
based  on  entire  streams  of  data,  each 
equivalent  to  a  “conversation,”  as 
opposed  to  dealing  with  individual  pack¬ 
ets.  Top  Layer  Networks’  IDS  Balancer  is 
one  such  product  that  does  just  that, 
while  at  the  same  time  enabling  cus¬ 
tomers  to  save  money  by  funneling  traffic 
from  multiple  links  to  a  single  IDS  sensor. 

IDS  limitations 

Depending  on  the  mix  of  policies  in 
place,  the  type  of  traffic  and  number  of 
signatures  or  anomalies  the  network  IDS 
must  monitor,  a  typical  100M  bps  IDS 
will  be  able  to  deliver  on  only  60%  to 
80%  of  its  rated  capacity.  Even  worse,  a 
Gigabit  IDS  will  keep  up  with  no  more 
than  40%  to  60%,  or  400M  to  600M  bps 
of  traffic. 

Switched  networks  compound  the  prob¬ 
lem.  To  monitor  all  data  in  a  switched 
network,  traffic  must  be  copied  to  a  single 
Switched  Port  Analyzer  (SPAN)  or  “mir¬ 
ror”  port.  This  port  will  thus  be  operat¬ 
ing  at  or  near  100%  utilization,  and  often 
will  drop  packets  entirely  when  it  can’t 
keep  up.  So  the  same  IDS  that  could 
monitor  only  40%  to  80%  of  traffic  on  a 
segment  that  was  not  fully  loaded  must 
now  deal  with  one  that  is  at  full  capacity. 
The  result  is  missed  intrusions. 


Another  issue  is  networks  that  employ 
asymmetric  routing,  often  used  when  a 
company  has  dual  Internet  connections. 
In  this  case,  packets  that  belong  to  the 


same  data  stream  may  take  different  paths 
to  their  destination,  making  it  impossible 
for  the  same  IDS  to  see  all  the  packets  in 
the  stream. 

Balancing  the  IDS  load 

The  resolution  to  these  issues  lies  in 
finding  an  intelligent  way  to  split  traffic 
from  multiple  segments  across  multiple 
IDS  sensors,  ensuring  100%  coverage, 
scalability,  and  fault  tolerance. 

Top  Layer’s  patented  Flow  Mirroring 
technology  enables  the  IDS  Balancer  to 


The  IDS  Balancer  also  helps  IDSs  keep 
pace  with  fully  loaded  network  segments 
by  balancing  the  load  across  multiple  sen¬ 
sors,  such  as  a  single  Gigabit  stream  bal¬ 


anced  across  multiple  100M  bps  sensors. 

Alternatively,  the  device  can  aggregate 
data  from  multiple  low-speed  links  and 
present  it  to  a  single  IDS  sensor.  This  can 
reduce  costs  for  the  enterprise  by  limiting 
the  number  of  sensors  it  needs  to  deploy 
to  attain  100%  coverage. 

“It’s  prohibitively  expensive  to  put  a 
sensor  on  every  viable  segment  of  the 
network,”  says  Mike  Paquette,  Vice 
President  of  Marketing  for  Top  Layer. 
“The  IDS  Balancer  enables  customers  to 
aggregate  and  balance  flows  to  achieve 
the  objective  of  100%  coverage.” 


Learn  more  about  effective  network  security  by  downloading  the  white  paper: 


100%  Coverage  with  IDS  Balancer 

Multiple  100M  bps  network  switches  can  feed  into  Top  Layer's  IDS  Balancer,  which  aggregates  the 
traffic  and  sends  it  to  a  smaller  number  of  IDS  sensors.  This  setup  improves  coverage  by  allowing 
the  IDS  to  monitor  traffic  on  all  segments  without  requiring  a  separate  sensor  for  each  segment 
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"Vulnerabilities  of  Network  Intrusion  Detection  Systems: 
Realizing  and  Overcoming  the  Risks,"  from  www.toplayer.com. 


Schmidt,  vice  chairman  of  the  j  promise. 

Critical  Infrastructure  Protection  i  “The  hard-shell/soft-chewy 
Board,  an  advisory  board  to  the  i  center  model  no  longer  works 
federal  government  on  national  •  in  an  era  of  virtual  enterprises,” 
IT  security  defenses.This  means  i  contends  Daniel  Blum,  Burtons 
overhauling  the  traditional  DMZ  i  senior  vice  president  and  re¬ 
design.  i  search  director  and  Network 

“I  call  it  the  Tootsie  Fbp  syn-  i  World  “Intranet  Advisor”  colum- 
drome  —  hard  outer  shell/soft  j  nist.“VEN  is  a  layered  defense.” 
chewy  center.  The  traditional  i  Specifically,  the  VEN  model 
way  we  look  at  network  security  i 
is  to  create  the  firewalls  and  en-  : 
vironment  to  keep  people  out.  i 
But  once  someone  is  inside,  he  j 
can  pretty  much  do  what  he  ; 
wants,”  Schmidt  says. 

Rather,  network  executives  i 
should  concentrate  on  securing  j 
all  pieces  of  the  network  puzzle  j  defines  four  logical  layers:  the 
—  clients,  wires,  servers  and  j  resource  layer,  which  houses 
applications, Schmidt  says.  :  clients,  servers,  applications 
But  securing  every  PC  and  :  and  data;  the  perimeter  layer, 
node  individually  can  create  a  i  which  defines  an  organization’s 
support  nightmare,  users  say  j  physical  boundaries  and  con- 
particularly  in  companies  with  ;  tains  firewalls,  proxies  and  gate- 
thousands  of  them,  in  hun-  j  ways;  the  control  layer,  where 
dreds  of  offices  across  half  a  i  authentication  services  reside 
dozen  countries.  j  as  do  controls  for  security  poli- 

The  new  Virtual  Enterprise  j  cies  across  layers;  and  the  ex- 
Network  (VEN)  security  mo-  ;  tended  perimeter,  where  corn- 
del,  created  by  research  firm  i  panies  engage  technologies  or 
Burton  Group,  offers  a  com-  i  services  to  secure  resources 

The  three  legs  of  security 

In  this  age  of  terrorism  and  sophisticated  cyber  threats, 
business  security  rests  upon  a  three-legged  defense. 


physically  located  outside  the 
perimeter. 

The  upshot  is  a  model  that 
builds  on  the  existing  infrastruc¬ 
ture,  but  plans  for  a  distributed 
perimeter,  Blum  says. 

Missing  the  goal 

While  goals  might  not  be  an 
appropriate  basis  for  your  entire 


is  not  a  stand-alone  event. 
Schwartau  says. 

“That  [building-access  card] 
database  should  talk  to  the 
other  databases  and  say,  ‘Hey, 
how  come  Bill  is  logged  into  his 
machine  if  he  wasn’t  in  the 
building?”’ he  says. 

As  for  people,  Schwartau  and 
Schmidt  make  two  points.  The 


'Traditional .  .  .  network  security  is  to  create  the  firewalls  and 
environment  to  k66p  p60pl.6  Olit.  But  once  someone 
is  inside,  they  can  pretty  much  do  what  they  want." 

—  Howard  Schmidt,  vice  chairman  of  the  Critical  Infrastructure  Protection  Board 


defines  four  logical  layers:  the 
resource  layer,  which  houses 
clients,  servers,  applications 
and  data;  the  perimeter  layer, 
which  defines  an  organization’s 
physical  boundaries  and  con¬ 
tains  firewalls,  proxies  and  gate¬ 
ways;  the  control  layer,  where 
authentication  services  reside 
as  do  controls  for  security  poli¬ 
cies  across  layers;  and  the  ex¬ 
tended  perimeter,  where  com¬ 
panies  engage  technologies  or 
services  to  secure  resources 


Computer  security  Physical  security 

Use  risk  assessment,  Integrate  physical 

CIA+  new  goals,  and  access  systems  with 

extended  enterprise  network  authoriza- 

planning  models.  tion  systems. 


Trustworthy 

people 

Know  who  you  give 
access  to.  Avoid 
consultants  from 
countries  that 
harbor  terrorists. 


security  model,  they  remain  an 
important  part  of  security  plan¬ 
ning.  But  you  shouldn’t  be  able 
to  count  off  the  whole  list  on 
one  hand.  One  addition  should 
be  the  protection  of  a  com¬ 
pany’s  reputation,  Schmidt  says. 

Users  agree.“If  you  have  a  Web 
site  and  all  of  a  sudden  some¬ 
one’s  selling  all  of  your  [cus¬ 
tomer]  names  off  your  site,  or 
they  end  up  putting  their  name 
on  your  Web  site,  your  reputa¬ 
tion  will  be  damaged,”  Robert 
Half’s  Raymond  says. 

Likewise,  brand  protection 
also  needs  to  be  a  security  goal, 
say  Schmidt  and  other  experts. 

Taken  together,  a  top-notch  risk 
assessment,  revised  DMZ  imple¬ 
mentation  and  expanded  goals 
make  for  complete  computer 
security  today.  Yet  this  plan  is 
only  one  leg  of  the  three- 
legged  cybersecurity  table. 
The  other  two  are  physical  se¬ 
curity  and  trustworthy  people, 
Schwartau  says. 

A  company’s  maintenance  or 
building  security  staff  tradition¬ 
ally  has  handled  building  ac¬ 
cess  and  other  physical  security 
systems,  without  input  from 
security  professionals  in  IT.  That 
needs  to  change  so  that  the 
swipe  of  a  building-access  card 


first  is  that  all  the  technology  in 
the  world  won’t  help  if  your  peo¬ 
ple  don’t  follow  your  processes 
for  auditing,  patch  maintenance 
and  other  ongoing  support.  The 
second  is  that  you  should  verify 
the  trustworthiness  of  anyone  to 
whom  you  will  be  giving  signifi¬ 
cant  network  access  by  running 
background  checks.  This  is  par¬ 
ticularly  important  when  hiring 
IT  contract  workers  in  countries 
known  to  harbor  terrorists, 
Schwartau  says. 

Strong  IT  security  can  only  be 
accomplished  if  all  of  the  table 
legs  are  equally  sturdy.  ■ 
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Provide  blade  server 
and  application  high 
availability;  optimize 
performance  with 
BIG-IP’  Blade  Controller 

Virtualize  application 
and  blade  server 
resources  to  create  a 
single  scalable  system 

Install  IP  traffic 
management  and  load 
balancing  on  all  leading 
blade  server  brands 


Ensure  correct  content 
and  applications  are 
delivered  without  fail 

Increase  flexibility 
and  economies  of  scale 
already  inherent  in 
Blade  Server  technology 

Customize  BIG-IP  to 
your  environment  easily 
with  iControl"'  API 


BIG-IP  Blade  Controller 
IP  Traffic  Management 


F5's  award-winning  BIG-IP®  software  delivers  intelligent 
traffic  management  for  IP  applications  and  services 
running  on  the  Leading  blade  server  hardware,  and  it's 
perfect  for  Large  enterprises  and  ISPs.  BIG-IP  provides 
application  and  server  high  availability,  security,  scale 
and  fault  tolerance  while  optimizing  the  performance 
of  individual  blades.  Plus  with  F5's  iControl™  API, 
it's  easily  customized.  Scale  up  and  out  with  BIG-IP 
and  leverage  your  investment  over  the  long  term. 
Try  the  future  now.  Download  a  full-function  30  day 
evaluation  copy  of  BIG-IP  Blade  Controller  software 
at  www.f5.com/blade  or  call  1-888-882-4447. 


►  CONTROL  YOUR  WORLD 


|  |  The  promise  of 

all-in-one 

security 


The  lure  of  simplicity  is  prompting  users  to  consider 
bundled  security  products.  By  Jennifer  Jones 


The  IDS  blades  watch  traffic  as 
it  crosses  the  switch  backplanes, 
defending  against  denial-of-serv- 
ice  and  other  attacks, Williamson 


At  least  three  times  per  week, 
Arkansas  State  University’s  net¬ 
work  is  threatened  by  a  vims, 
denial-of-service  attack  or  sys¬ 
tem  hack,  often  by  students  try¬ 
ing  to  tap  the  school’s  resources 
from  their  dorm  rooms. 

“The  reality  is  my  network  is 
my  own  worst  enemy” says  Greg 


Williamson,  associate  IT  direc¬ 
tor  at  the  Jonesboro  school. 

The  university  relies  on  multi¬ 
tasking  devices  to  stave  off  such 
attacks.  Arkansas  State  uses  four 
Cisco  Catalyst  6513  Gigabit 
Ethernet  switches  outfitted  with 
intrusion-detection  system 
(IDS)  modules.  IDS  belongs 


squarely  in  the  network’s  core, 
Williamson  says. 

“If  the  core  goes  down,  so 
does  the  network.  With  voice 
over  IP  running  on  the  network 
to  serve  resident  housing,  there 
is  a  high-level,  critical  need  for 
911  services.  The  network  can’t 
go  down,”  he  says. 


says.  They  simultaneously  moni¬ 
tor  multiple  virtual  LANs.  If  a 
blade  detects  malicious  or  unau¬ 
thorized  activity,  it  triggers  an 
alarm. 

Injecting  security  functions 
into  network  gear  like  routers 
and  switches  is  one  method  of 
integrated  security  attracting 
the  attention  of  enterprise  net¬ 
work  managers.  Another  is  tools 
that  blend  two  or  more  security 
functions,  such  as  IDS,  Internet 
filtering,  firewall,  vulnerability 
assessment, and  virus  scanning. 
Vendors  also  are  embedding 
security  features  into  nonsecu¬ 
rity  software  products,  such  as 
virus  scanning  into  e-mail. 

The  lure  of  simplification 

In  a  traditional  network  secu¬ 
rity  setup,  each  device  —  fire¬ 
wall,  IDS  and  vulnerability 
assessment  tool  —  has  its  own 
console.  Bundled  products 
promise  to  integrate  these,  an 
appealing  prospect  to  users. 

“The  benefits  of  using  inte¬ 
grated  solutions  to  us  would  be 
the  use  of  a  single  management 
console  to  manage  different 
security  layers,”  says  Aidan  Gar¬ 
cia,  network  services  manager 


blades  in  backbone  switches. 


:  at  Eastern  Bank  in  Boston. 

Mike  Cothren,  MIS  director  at 
i  the  Pulaski  County  Special 
i  School  District  in  Little  Rock, 
i  Ark.,  says  simplification  was  a 


In  a  world  where  there’s  a  different  kind  of  threat  every  day,  you  need  a  different  kind  of  security. 

New  threats  can  blow  through  any  firewall  or  anti-virus  software.  That's  why  you  need  the  RealSecure®  Protection 
System.  It  dynamically  detects,  prevents  and  responds  to  an  ever-changing  spectrum  of  online  threats  to  your  business. 
RealSecure  protects  your  networks,  servers  and  desktops.  And  it  provides  powerful,  centralized  management  that's 
both  simple  and  cost-effective.  No  matter  who  you're  up  against.  Call  us  at  800-776-2362.  Or  visit  www.iss.net/nww. 
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reason  his  organization  chose 
appliance  vendor  SonicWall, 
which  supplies  the  district  with 
the  SonicWall  Global  Manage¬ 
ment  System.  Along  with  firewall 
capabilities,  this  appliance  per¬ 
forms  Internet  filtering  by  check¬ 
ing  each  request  sent  from 
Pulaski’s  LAN  against  a  list  of 
unacceptable  URLs  and  IP 
addresses.  It  denies  requests 
deemed  inappropriate. 

“Trying  to  make  products  from 
different  vendors  work  together 
can  be  a  nightmare.  If  there  is  a 
problem,  each  vendor  will  point 
its  finger  at  the  other. This  allows 
you  to  work  with  one  tech  sup¬ 
port  shop  that  will  handle  all  the 
issues,”  Cothren  says. 

Integrated  products  also 
could  eliminate  duplicate  secu¬ 
rity  functions  and  lower  false¬ 
positive  alarms  —  incidents  in 
which  systems  report  problems 
that  have  not  occurred. 

“One  of  the  things  integrated 
vendors  claim  is  that  their  prod¬ 
ucts  will  have  people  spending 
less  time  on  worthless  adminis¬ 
trative  things  and  more  time  on 
critical  threats,”  says  Chris  Chris¬ 
tensen,  an  analyst  with  IDC. 

To  that  end,  vendors  have 
unleashed  a  wide  variety  of 
integrated  security  products. 

TippingPoint  Technologies, 
for  instance,  hawks  a  com¬ 
bined  firewall/IDS  device  the 
company  says  can  outperform 
software-based  offerings  and 
costs  less  because  it  is  part  of 
the  network  infrastructure. 

NetScreen  Technologies  says 
it  soon  will  support  IDS  and 
virus  scanning  on  high-speed 
devices  already  hosting  firewall 
and  VPN  software.  NetScreen’s 
offering  “certainly  would  be  an 

More  online! 

•  Hope  for  IDS.  DocFinder 
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attractive  thing,”  says  Chuck 
Horvat,  director  of  network  serv¬ 
ices  at  Divine,  a  service  provider 
in  Chicago  using  integrated  Net- 
Screen  appliances  at  all  27  of  its 
corporate  infrastructure  sites. 

Along  those  lines,  Nokia  and 
Internet  Security  Systems  (ISS) 
allied  last  year  on  RealSecure 
for  Nokia,  an  IDS  appliance  the 
vendors  say  will  build  on 
Nokia’s  firewall  capabilities. 

Other  alliances  include  a 
Network  Associates  and  ISS 
agreement  that  pairs  McAfee 
antivirus  technology  with  ISS’ 
RealSecure  IDS  products. 

SonicWall  user  Pulaski  County 
will  benefit  from  a  similar  part¬ 
nering  because  the  organiza¬ 
tion  is  poised  to  implement  Mc¬ 
Afee  antivirus  capabilities  on 
the  SonicWall  platform. 

“The  solutions  we  looked  at 
generally  would  require  a 
Windows  2000  server  to  man¬ 
age  virus  updates  to  the  work¬ 
stations,”  Cothren  says. 

Because  the  school  district  is  a 
Novell  shop,  adding  the  Microsoft 
servers  would  have  added  cost 
and  complexity  that  Cothren  pre¬ 
ferred  to  avoid,  he  says. 

Meanwhile,  Inktomi  an¬ 
nounced  in  April  that  it  had 
combined  virus  scanning,  con¬ 
tent  filtering,  user  authen¬ 
tication  and  access  controls 
into  its  caching  software, Traffic 
Edge  Security  Edition. 

In  contrast  to  product 
bundling,  Crossbeam  bills 
Version  2.0  of  its  X40S  appliance 
as  a  common  platform  for  run¬ 
ning  applications  from  leading 
security  vendors,  such  as  Enter- 
asys  Networks’  Dragon  Sensor 
IDS  and  Check  Point  Software’s 
firewall  and  VPN  software.  The 
company  suggests  the  device 
can  stand  in  place  of  servers, 
load  balancers  and  switches. 

E-mail  vendors  are  also  nailing 
down  security  alliances.  Rock- 
liffe  teamed  with  F-Secure  to 


inject  virus  scanning  into  Version 
5  of  its  MailSite  SE  software. 

Watch  for  laptop  and  mobile 
devices  to  join  the  crowd,  too, 
by  adding  authentication  like 
tokens  or  biometrics. 

A  hybrid  approach 

But  for  all  the  promise  and 
vendor  activity,  integrated  prod¬ 
ucts  have  a  spate  of  potential 
drawbacks.  For  instance,  IDS,  a 


commonly  bundled  techno¬ 
logy,  is  difficult  to  engineer. 
(Visit  www.nwfusion.com, 
DocFinder:  1431,  for  related 
story.)  And  users  like  Eastern 
Bank’s  Garcia  who  yearn  for 
easier  management  worry  that 
a  bundled  product  creates 
vulnerability. 

“The  shortcoming  that  has 
prevented  us  from  investigating 
integrated  solutions  has  been 
the  single  point  of  monitoring.  If 
hackers  could  find  a  way 
around  the  system,  they  would 
have  open  access  to  the  net¬ 
work  beyond  it,”  he  says. 

For  such  reasons,  analysts 
question  how  widely  enterprise 
users  will  accept  bundled  secu¬ 
rity  wares.  Eastern  Bank  has 
decided  to  forgo  them  for  now. 
It  stitches  together  dedicated 
products  from  vendors  like 
Network  Associates,  Garcia  says. 
Eastern  Bank  uses  McAfee  virus 


protection  suite  and  e-business 
server. 

A  hybrid  approach,  using  both 
dedicated  and  integrated  prod¬ 
ucts,  makes  sense  even  to 
Arkansas  State’s  Williamson,  an 
avowed  believer  in  integrated 
security  tools.  “It  has  to  be 
blended  at  this  point,”  he  says, 
characterizing  the  university’s 
planned  security  architecture. 
“But  while  the  integrated  pieces 


seem  to  work  better  for  us  in 
many  situations,  1  am  still  buy¬ 
ing  separate  appliances  as  well." 

The  university  employs  sever¬ 
al  stand-alone  IDS  appliances  to 
monitor  traffic  passing  through 
switches  and  uses  firewalls  at 
the  network  perimeter  and  in  a 
server  farm,  he  says. 

“I  can’t  look  at  a  single  secur¬ 
ity  appliance  or  integrated 
appliance  and  rest  knowing 
that  it  will  protect  me,”  says  Wi¬ 
lliamson,  who  says  that  the  uni¬ 
versity’s  ongoing  VoIP  upgrade 
makes  security  even  more  vital. 

“We  are  putting  in  100M- 
bit/sec  connections  to  poten¬ 
tially  hundreds  of  hackers  sit¬ 
ting  in  their  dorm  rooms,”  he 
says.Tm  not  going  to  put  all  my 
eggs  in  one  basket." 

Jones  is  a  freelance  writer  in 
Vienna ,Va.  She  can  be  reached  at 
jjwriterva@aol.  com. 
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All-in-one  packages 

Here  is  a  sampling  of  wares  that  combine  security  functions 
traditionally  provided  in  separate  devices. 

Vendor  Product 

Cisco 

Catalyst  6000  switch  family  with 
intrusion-detection  system  module 

Crossbeam  Systems 

Inktomi 

X40S  Open  Security  Appliance 

Traffic  Edge  Security  Edition 

NetScreenTechnologies 

NetScreen  series  appliances 

Nokia 

Nokia  IP  Security  platforms 

SonicWall 

SonicWall  Internet  security 
appliances 

TippingPoint  Technologies 

UnityOne  Network-Defense  Systems 

Protect  your  network  from  the  inside 
with  HFNetChkPro — the  easiest,  most 
reliable,  *most  widely  used  Security 
Patch  Management  solution. 

raaaBBBBHBBiEasa  Today,  the  majority  of 


HFNetChk<rro 


catastrophic  IT  security  breaches 
happen  when  security  patches 


Without  real  time 
patch  management, 
your  powerful  external 
IT  security  may  be 
leaving  you  exposed. 


are  missing.  Your  firewalls,  anti-virus  and  intrusion 
detection  systems  may  only  provide  part  of  the 
protection  your  network  needs. 

Featuring  PatchPush™,  HFNetChkPro  is  an 
automated,  real  time,  patch  inspection  and  push 
solution  designed  to  protect  your  network  from 
worms  and  other  attackers  that  get  past  your 
external  security.  Offering  direct,  real-time  access  to 
Microsoft's  security  update  database,  it  allows  you 
to  automatically  push  patches  out  to  remote 
computers  shortly  after  an 
update  is  issued — try  that 
without  HFNetChkPro! 

Plus,  its  powerful  100% 

Open  Patch  XML  database 
offers  detailed  analysis,  ease  of 
reporting  and  easy  customization. 

Try  HFNetChkPro  Free.  Visit  our  website  at 
http://www.shavlik.com/hfnetchk.asp  to  download  a 
demo  version.  For  more  information  on  this  and 
other  Shavlik  Security  products,  visit 
www.shavlik.com  or  call  us  toll-free  (800)  690-691 1 
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*Built  on  HFNetChk,  Microsoft's  widely  MlCrOSOft 
used  security  patch  scanner.  gold  certified 
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Complete  Security 

From  VPNs  to  high-speed  firewalls  and  VLANs ,  Nortel  Networks  ’ 
security  lineup  protects  the  enterprise  inside  and  out. 


THERE  IS  NO  HIDING 
FROM  CYBER  ATTACKS. 

If  your  enterprise  has  a  connection  to  the 
Internet,  sooner  or  later  you  can  expect 
some  form  of  attack  —  be  it  a  denial  of 
service,  virus  or  outright  system  penetra¬ 
tion  attack.  But  it’s  not  just  the  threat  from 
outside  that  you  need  to  worry  about.  In 
the  2002  Computer  Security  Institute/FBI 
Computer  Crime  and  Security  Survey, 
42%  of  respondents  reported  at  least  one 
security  incident  perpetrated  by  a  compa¬ 
ny  insider. 

Protecting  a  network  against  internal 
and  external  threats  requires  a  number  of 
end-to-end  security  technologies,  includ¬ 
ing  tools  that  provide  for  authentication, 
privacy,  authorization,  integrity  and  non¬ 
repudiation.  It’s  also  important  that  these 
security  tools  work  in  concert  with  one 
another,  which  is  no  mean  feat  given  the 
number  of  different  vendors  that  each  sell  a 
piece  of  the  puzzle. 

Nortel  Networks’  broad  range  of  secu¬ 
rity  products  meet  the  most  stringent 
requirements  of  both  enterprises  and  serv¬ 
ice  providers,  with  headroom  to  scale  as  the 


demand  for  greater  throughput  and  net¬ 
work  services  increases. 

Consider  this  lineup  of  Nortel 
Networks  products  that  play  a  role  in 
enterprise  and  service  provider  security: 

■  The  Contivity  IP  Services  Gateway  sup¬ 
ports  enterprise  IP  Security  (IPSec)  vir¬ 
tual  private  networks,  public  key  infra¬ 
structure  (PKI)  technology  for  trusted 
extranets,  and  includes  embedded  fire¬ 
walls. 

■  The  Shasta  5000  Broadband  Service 
Node  (BSN)  enables  service  providers  to 
offer  VPNs  and  a  suite  of  security  capa¬ 
bilities  including  firewalls,  encryption, 
network  address  translation  (NAT),  and 
denial  of  service  protection  for  enterpris¬ 
es  looking  to  outsource  these  services. 

■  The  Alteon  portfolio  of  switching  and 
security  products,  which  includes  the 
Alteon  SSL  accelerator,  multi-gigabit 
Alteon  Switched  Firewall,  and  content- 
aware  Web  switches  that  provide  load 
balancing  to  improve  the  performance 
and  scalability  of  firewalls,  VPNs  and 
intrusion  detection  systems  (IDS). 

■  Passport  8600  with  the  Alteon  Web 


Switch  module  provides  virtual  LANs 

(VLAN)  for  logical  separation  of  enter¬ 
prise  network  segments. 

Nortel  Networks  also  addresses  third 
party'  security  tools  as  well  as  availability 
issues  with  the  Alteon  Security  Cluster,  a 
high-speed,  scalable  platform  on  which  to 
run  security  applications  from  Nortel 
Networks  and  its  partners.  Besides  provid¬ 
ing  integration  and  centralized  control  of 
security  applications,  the  cluster  provides 
capabilities  including  Single  System  Image, 
which  makes  it  possible  to  more  simply 
and  efficiently  upgrade  security  software 
and  policies.  When  a  new  firewall  is  added, 
for  example,  it  is  immediately  updated  with 
the  configuration  and  rules  of  existing 
nodes  in  the  cluster,  significantly  reducing 
configuration  and  testing  time. 

Nortel  Networks  further  demonstrates 
leadership  in  the  security  field  with  the 
Secure  Routing  Technology  (SRT)  sup¬ 
ported  on  its  Contivity  platform.  SRT 
addresses  a  vexing  problem  with  the  IPSec 
protocol,  which  is  used  to  forge  secure, 
encrypted  VPN  tunnels  through  the 
Internet.  IPSec  does  not  provide  for  the 
exchange  of  dynamic  routing  information, 
which  means  tunnels  remain  chiefly  static 
in  nature.  That  means  enterprises  and  serv¬ 
ices  providers  must  perform  manual  con¬ 
figurations,  increasing  total  cost  of  owner¬ 
ship.  SRT  solves  the  problem  by  defining  a 
virtual  IP  interface  that  is  mapped  to  each 
IPSec  tunnel,  enabling  tunnels  to  appear  as 
simply  another  available  network  path  to 
the  routing  protocols  RIP  and  OSPF. 

Security  holes  are  a  threat  to  the  avail¬ 
ability  and  viability  of  any  enterprise  net¬ 
work  and  the  data  it  carries.  Nortel 
Networks  meets  the  threat  head-on  with  a 
lineup  of  high-performance  security  appli¬ 
cations  and  resilient,  scalable  hardware  that 
enables  enterprises  and  service  providers 
alike  to  protect  networks  end-to-end  from 
all  cyber  threats.be  they  internal  or  external. 


END-TO-END  SECURITY  SOLUTIONS 

- ► 


Passport  8600  ^ 


Enterprise 

network 


Access 

network 


4- 


Shasta  S000  BSN 


Alteon 

Content  Cache 


Contivity  IP 
Services  Gateway 


Alteon 
Web  Switch 


Internet 

backbone 


Alteon  SSL  . 
Accelerator 


Alteon  Web  Switch 


Alteon  Switched 
Firewall  System 


To  learn  more  about  Nortel  Networks  security  solutions  and  download  high-level  and 
technical  documentation,  visit:  www.nortelnetworks.com/solutions/security. 
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IBM  adds  automated  features  to  DB2 


I  BY  JAMES  NICCOLAI 

IBM  last  week  unwrapped  what  it  says  is 
t  major  upgrade  to  its  DB2  database, 
idding  automated  features  designed  to 
lelp  customers  reduce  operational  costs. 


■  Software  and  services  company 
Divine  is  unleashing  the  search  and 
categorization  capabilities  it  got  when 
it  acquired  Northern  Light  earlier  this 
year.  Divine  last  week  announced  Di¬ 
vine  SinglePoint  Search,  which  had 
been  available  only  as  a  hosted  ser¬ 
vice.  The  SinglePoint  search  engine 
lets  users  query  across  multiple  docu¬ 
ment  formats,  internally  and  exter¬ 
nally,  and  includes  an  extensive  taxon¬ 
omy  that  automatically  categorizes  re¬ 
sources.  SinglePoint  offers  customers 
a  17,000-term  taxonomy  that  Northern 
Light  assembled  over  several  years. 
Divine  SinglePoint  Search  runs  on 
Solaris.  Pricing  for  a  typical  implemen¬ 
tation  starts  at  about  $100,000,  the 
company  says,  www.divine.com 

■  BEA  Systems  last  week  announced 
support  for  a  new  Java  specification 
that  should  allow  for  greater  interop¬ 
erability  among  Web  services  applica¬ 
tions,  regardless  of  which  vendor's 
software  is  used  to  build  and  deploy 
them.  BEA  said  it  added  support  for  a 
certified  implementation  of  the  Java 
API  for  XML-based  Remote  Pro¬ 
cedure  Call  in  its  WebLogic  applica¬ 
tion  server.  JAX-RPC  defines  a  set  of 
standard  Java  APIs  that  let  customers 
create  XML-based  Web  services 
using  Simple  Object  Access  Protocol 
as  the  messaging  protocol.  The  Java 
Community  Process,  the  multivendor 
group  that  signs  off  on  new  Java 
standards,  approved  it  in  June.  JAX- 
RPC  should  let  Web  services  interop¬ 
erate  regardless  of  the  programming 
language  in  which  they  are  written  or 
the  platform  on  which  they  are  de¬ 
ployed.  Sun  has  posted  an  informa¬ 
tion  page  about  JAX-RPX  (see  www. 
nwfusion.com,  DocFinder:  1543). 


DB2  Version  8  also  adds  better  support 
for  Web  services,  which  are  technologies 
that  link  business  applications  over  the 
Internet, and  improved  the  databases  abil¬ 
ity  to  pull  together  data  stored  in  a  variety 
of  sources. 

IBM  unveiled  the  new  features  as  it  put  a 
beta  version  of  DB2  Version  8  on  its  Web 
site.  Details  of  pricing  and  availability  will 
be  released  in  the  fourth  quarter, when  the 
beta  test  is  completed  and  a  date  has 
been  set  for  the  final  release,  says  Brant 
Davison,  IBM’s  program  director  for  data 
management  strategy 

The  new  automatic  features,  dubbed 
“autonomic”  by  IBM,  are  Health  Center 
and  Configuration  Manager.  “We  use  the 
system  to  manage  itself,"  Davison  says.  In 
both  cases,  IBM  created  algorithms  that 
are  set  in  motion  after  a  database  admin¬ 
istrator  enters  information  about  the  data¬ 
base  environment. 

Health  Center  includes  a  user  interface, 
which  is  linked  to  monitoring  programs 


■  BY  ANN  BEDNARZ 

DEARBORN,  MICH.  —  Brick-and-mortar 
retailers  Wal-Mart  and  Kmart  last  year 
made  plans  to  reintegrate  their  spun-off 
Web  businesses,  deciding  it  doesn’t  pay  to 
completely  separate  e-commerce  opera¬ 
tions  from  the  rest  of  the  business.  Now 
automaker  Ford  has  come  to  the  same 
conclusion. 

Ford  Motor  Co.  is  disbanding  its  Con- 
sumerConnect  e-business  unit  and  saying 
goodbye  to  Karen  Francis,  CEO  at  the  divi¬ 
sion.  Considered  a  rising  star  when  she  was 
hired  last  year,  Francis  is  leaving  Ford  effec¬ 
tive  Aug.  1  after  15  months  with  the 
automaker.  Other  Ford  departments  will 
absorb  her  duties  and  the  group’s  350 
employees,  the  company  says. 

Industry  watchers  have  expected  Ford  to 
make  this  move  for  months,  says  Kevin 
Prouty,  research  director  for  automotive 
strategies  at  AMR  Research.“Ford  has  a  very 
big  back-to-basics  strategy  right  now,” 
Prouty  says.  “ConsumerConnect  by  itself 
didn’t  really  fit  into  that.” 

ConsumerConnect  initially  was  devel¬ 
oped  as  a  stand-alone  division  to  develop 
e-commerce  ideas,  much  like  General 


that  keep  tabs  on  various  parts  of  the  data¬ 
base,  such  as  memory  usage.  These  indi¬ 
cators,  taken  together,  give  an  overview  of 
the  “health”  of  the  database.The  database 
administrator  sets  thresholds  and  when 
Health  Center  finds  that  memory  use,  for 
example,  has  reached  a  certain  point,  it 
fires  off  an  alert. 

If  a  database  system  runs  short  of  mem¬ 
ory  or  if  a  query  is  taking  too  much  time 
to  run,  alerts  are  sent  via  e-mail,  pager  or 
PDA,  and  database  administrators  can 
make  the  required  adjustments  to  their 
database  through  a  Web  browser,  IBM 
says. 

In  Configuration  Manager,  the  database 
administrator  answers  questions  about  a 
specific  database  deployment,  such  as 
number  of  users,  or  whether  the  workload 
is  transactions  or  queries.  The  Configura¬ 
tion  Manager  program  then  automatically 
changes  more  than  50  database  settings  to 
match.  The  idea  is  to  reduce  the  time  it 
takes  to  configure  a  database  and  cut 


Motor’s  e-GM  division.  In  the  past,  Ford  and 
GM  formed  incubation  areas  “that  allowed 
people  to  go  out  and  think  differently  and 
try  doing  things  differently,  and  spend 
money  in  a  different  waj(’  Prouty  says. 

There  were  definite  successes  and  defi¬ 
nite  failures  with  this  approach,  Prouty 
says.  “The  biggest  failure  wasn’t  any  one 
investment,  it  was  more  that  some  of  these 
companies  weren’t  really  ready  to  change 
as  fast  as  these  incubation  areas  thought 
they  should,”  he  says. 

Ford’s  decision  to  redistribute  its  e-com- 
merce  initiatives  internally  echoes  similar 
juggling  during  the  last  few  months  at  GM, 
Prouty  says.  It’s  not  necessarily  a  sign  that 
the  automakers  are  cutting  back  on  e-com- 
merce,  but  a  realization  that  e-commerce 
shouldn’t  be  separated  from  the  rest  of  the 
business,  he  says.“What  Ford  and  GM  both 
realized  is  that  it  really  does  need  to  be  run 
from  inside  the  traditional  business  seg¬ 
ments,”  Prouty  says. 

Ford  spokesman  Paul  Wood  says  the  Con¬ 
sumerConnect  restructuring  is  not  a  money¬ 
saving  move  but  a  natural  evolution. 

“The  e-commerce  strategy  has  evolved 
to  a  point  where  a  lot  of  the  ideas  have 

See  Ford,  page  20 


back  on  the  need  for  frequent  manual 
tuning.  Administrators  typically  need  to 
configure  as  many  as  100  parameters  for 
their  database,  according  to  IBM;  DB2 
automatically  sets  some  of  those  parame¬ 
ters  based  on  responses  to  questions 
about  how  the  database  will  be  used. 

Version  8  extends  DB2’s  ability  to  work 
with  different  kinds  of  data  that  might  be 
stored  outside  DB2. 

“Inversion  8,  one  of  the  data  sources  can 
now  be  a  Web  service  —  anything  acces¬ 
sible  via  [Simple  Object  Access  Protocol], 
XML  and  [Universal,  Description, 
Discovery  and  Integration]  ”  Davison  says. 
DB2  makes  SOAP  requests  to  multiple 
Web  services,  aggregates  the  results  and 
hands  them  back  to  the  requesting  appli¬ 
cation.  Last  year,  IBM  introduced  a  feature 
that  lets  DB2  publish  its  data  via  Web  ser¬ 
vices  protocols. 

IBM  hopes  the  upgrade  will  help  it  to 
steal  further  business  from  rival  Oracle, 
which  last  year  narrowly  held  its  lead  in 
the  $7  billion  market  for  relational  data¬ 
base  management  software,  according  to 
Gartner.  Oracle  took  39.8%  of  new  license 
revenue  from  that  market  in  2001,  down 
from  42.5%  the  previous  year,  while  IBM 
increased  its  share  from  32.6%  to  34.1% 
over  the  same  period,  Gartner  reports. 

Oracle  released  an  upgrade  to  its  own 
database,  Oracle  9i,  last  month.  Release  2 
of  the  product  added  better  support  for 
XML  documents  and  a  list  of  tweaks 
designed  to  improve  performance  and 
reliability 

Other  new  features  aim  to  boost  query 
response  times  and  make  it  easier  to  man¬ 
age  and  retrieve  data  stored  in  the  XML 
format,  IBM  says. 

Niccolai  is  a  correspondent  with  IDG 
News  Service's  San  Francisco  bureau.  Net¬ 
work  World’s  John  Cox  contributed  to  this 
story. 
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Ford  recalls  e-comm  unit 

Exec  resigns  as  auto  giant  disbands  its  e-business  unit. 
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The  bits  at  the  end  of  the  Rainbow 


The  New  York  Times  reported  in  mid- 
July  that  some  of  the  big  guys  are 
now  thinking  seriously  about  hot 
spotting  the  wireless  landscape.  If  their 
plans  come  to  fruition,  we  could  be  well 
along  to  the  future  I  wrote  about  last  year 
(www.nwfusion.com,  DocFinder:  1533). 

It’s  hard  to  imagine  a  much  higher-pow¬ 
ered  group  of  companies  than  the  one  the 
Times  reported  as  having  been  involved 
in  “Project  Rainbow"  over  the  past  eight 
months.  Intel,  IBM,  AT&T  Wireless,  Verizon 
and  Cingular  Communications,  along 
with  other  companies  not  named,  have 


been  working  in  secret  to  put  together  a 
plan  to  provide  802.1 1-based  wireless  “hot 
spot"  service  in  public  spaces  such  as  air¬ 
ports.  Users  would  be  able  to  use  these 
802.11  sites  and  low-speed  cellular  for 
Internet  access  under  a  unified  billing 
plan. 

Intel  apparently  is  urging  on  the  effort  as 
part  of  its  plan  to  push  802.11  quite 
aggressively.  It  said  a  while  ago  that  its  plan 
is  to  have  20  million  portable  computers 
802.1 1 -enabled  in  2003,  expanding  to  a 
total  of  60  million  portable  and  desktop 
computers  by  the  end  of  2004. Things  are 
rosy  in  the  802. 1 1  world;  the  Times  reports 
that  7  million  802. 1 1  cards  were  sold  last 
year. 

Even  without  the  help  of  Project  Rain¬ 
bow,  802.11  is  popping  up  all  over  the 
place.  I’m  writing  this  column  sitting  in  a 
hotel  room  on  an  island  at  the  southern 
tip  of  Korea,  with  free  in-room  Ethernet- 


based  Internet  connections,  exchanging 
e-mail  with  a  colleague  sitting  a  few  hun¬ 
dred  miles  north  in  Seoul  in  a  bar  with 
free  802.1 1-based  Internet  service.  We  just 
finished  a  week  of  intense  activity  at  the 
Internet  Engineering  Task  Force  meeting 
in  Yokohama,  where  there  were  more  than 
1,400  people  using  the  802.11  network. 
There  also  was  experimental  802.11- 
based  Internet  service  in  the  first-class  car 
of  the  train  running  from  the  Tokyo  airport 
to  Yokohama. 

One  of  the  more  interesting  parts  of  this 
story  is  the  involvement  of  three  large  cel¬ 
lular  telephone  companies.  It  was  not  too 
long  ago  that  some  of  these  same  compa¬ 
nies  were  getting  ready  to  spend  billions 
of  dollars  to  acquire  licenses  for  radio 
spectrum  to  support  the  rollout  of  2.5G 
and  3G  cellular  technology  to  provide 
high-speed  data  services  to  cell  phones.  It 
might  be  that  these  wireless  companies 


think  they  can  have  their  cake  and  eat  it 
too  by  supporting  cellular  and  802.11 
technologies,  but  I  suspect  that  the  result 
will  come  down  mostly  in  favor  of  802.1 1. 

It  might  be  the  case  that  802. 1 1  is  not  the 
“best"  way  to  provide  wireless  Internet  ser¬ 
vice;  3G  cellular  might  give  better  cover¬ 
age  and  better  control  of  quality  of  ser¬ 
vice  but,  as  Bob  Braden,  a  long-term  Inter¬ 
net  geek, said,  the  lesson  of  the  Internet  is 
that  efficiency  is  not  the  primary  consid¬ 
eration.  Ability  to  grow  and  adapt  to 
changing  requirements  is  the  primary 
consideration.  802.11  has  shown  itself 
ready  to  do  this. 

Disclaimer:  Harvard  knows  how  to  grow, 
and  occasionally  adapt, but  has  expressed 
no  opinion  on  this  topic. 


Bradner  is  a  consultant  with  Harvard 
University's  University  Information  System. 


He  can  be  reached  at  sob@sobco.com. 


Symantec  blends  multiprotection  desktop  software 


■  BY  ELLEN  MESSMER 

CUPERTINO,  CALIF  —  Symantec  this 
week  will  announce  desktop  software  that 
combines  antivirus,  intrusion-detection 
and  firewall  protection  all  manageable  via 
a  single  Symantec  console. 

Client  Security  is  Symantec’s  first  multi¬ 


protection  desktop  software  aimed  square¬ 
ly  at  corporations  because  network  admin¬ 
istrators  can  control  and  configure  it 
remotely  —  all  from  the  Symantec  Systems 
Center  console.  When  it  ships  Client 
Security  on  Aug.  12,  Symantec  will  take  on 
vendors  such  as  Network  Associates,  Zone 
Labs  and  Trend  Micro  to  win  the  security 


battle  for  the  corporate  desktop.  The  com¬ 
pany  shipped  a  similar  product  last  year 
called  Norton  Internet  Security  Profes¬ 
sional,  but  it  was  for  home  use  only. 

Security  administrators  say  it’s  critical 
to  have  control  of  the  employee’s  desk¬ 
top  so  the  employee  can’t  alter  configu¬ 
ration  settings  or  even  turn  off  desktop 
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grown  and  now  we’re  putting  them  into 
day-to-day  use ’’Wood  says.“As  we  are  able 
to  develop  new  ideas  we  will.  But  having  a 
dedicated  organization  just  to  do  that  no 
longer  makes  sense.” 

Wood  says  the  e-business  activi¬ 
ties  that  the  ConsumerConnect 
group  developed  are  not  going 
away  but  are  being  integrated  into 
Ford’s  global  marketing  efforts. 

FordDirect.com  —  through  which 
Ford  doles  out  sales  leads  to  its 
dealers  —  is  still  going  to  exist  as  a 
stand-alone  entity,  reporting  to 
Ford’s  global  marketing  division, 

Wood  says.  The  same  goes  for 
MyFord.com,  Ford's  consumer  site 
for  post-purchase  services. 

Ford  will  continue  to  fund  Covisint,  the 
auto  marketplace  in  which  it  has  about  a 
30%  stake;  along  with  ConsumerConnect 
offspring  Percepta,  Ford’s  CRM  venture 
with  TeleTech. 

Folding  e-commerce  projects  into  tradi¬ 
tional  departments  has  good  and  bad 
implications,  Prouty  says.  Putting  e-com¬ 
merce  responsibilities  in  the  hands  of 
business  managers  is  a  good  thing  if  a 
company  has  forward-thinking  managers, 
he  says.“The  downside  is  you  may  end  up 
with  a  business  or  brand  manager  who 
doesn’t  really  understand  what  the  tech¬ 


ll  Despite  some  reports,  e-commerce  is  alive  and  well 
at  Ford.  In  fact,  e-commerce  is  evolving  into  its  next 
stage  of  a  very  long  life.99 

Karen  Francis 

President  and  CEO  of  Ford's  ConsumerConnect  e-business  unit,  January  2002 

I  iWe  have  spent  the  last  year  integrating 
the  [ConsumerConnect]  ventures  and 
technologies  into  the  basic  business.  That 
accomplished,  it  is  also  the  best  time  for 
me  to  leave  Ford  to  pursue  other 
opportunities.  9  9 

Francis  in  July  2002.  Francis  since  resigned,  effective  Aug.  1,  and  Ford  is  disbanding 
ConsumerConnect. 


nology  can  do.” 

Ford’s  decision  to  restructure  its  e-com¬ 
merce  efforts  comes  after  a  high-profile 
telematics  retreat  by  the  automaker.  In  June 
Ford  pulled  the  plug  on  its  18-month-old 
Wingcast  joint  venture  with  Qualcomm.  A 
telematics  initiative  out  of  the  Consumer¬ 
Connect  division,  Wingcast  was  launched 
to  provide  Ford  vehicles  with  onboard 
Internet  and  wireless  technology 

“[Wingcast]  spent  a  lot  of  money  with¬ 


out  really  delivering  anything,”  Prouty  says. 
Unconfirmed  reports  say  Ford  pumped 
more  than  $140  million  into  Wingcast. 

Ford  also  has  retreated  from  its  plans  to 
provide  all  employees  with  computers 
and  Internet  access.  And  last  fall.  Ford 
took  a  $199  million  charge  to  write-down 
“certain  investments  in  e-commerce  and 
automotive-related  ventures,”  the  com¬ 
pany  said  in  an  October  filing  with  the 
Securities  and  Exchange  Commission.  ■ 


protection. 

A  number  of  the  1 ,700  employees  at  Gen¬ 
eral  Casualty  Insurance  Companies  would 
turn  off  the  Norton  AntiVirus  application 
when  they  thought  it  was  interfering  with 
other  application  performance,  says  Kris 
Lang,  the  network  engineer  for  the  Sun 
Prairie,  Wis.,  firm. This  was  unacceptable  in 
terms  of  security,  and  it  contributed  to  the 
insurance  company’s  decision  to  switch  to 
Trend  Micro’s  desktop  security  software, 
because  administrators  can  lock  down 
configurations. 

Symantec  says  Client  Security  will  mark 
the  first  time  it  institutes  desktop  controls 
for  antivirus,  firewall  and  intrusion  detec¬ 
tion  that  can  only  be  changed  by  an 
administrator. 

“It  has  policy-setting  lockdown,” says  Gary 
Ulmer,  Symantec’s  group  product  manager. 
Client  Security  to  be  available  for  Windows 
and  XP  will  be  able  to  receive  updated 
virus  definitions  and  rules  remotely  at 
scheduled  intervals  without  users  being 
aware  of  the  remote  controls. 

Client  Security, said  to  cost  $46. 10  per  seat 
for  2,000  users,  also  will  include  software 
plug-ins  for  Microsoft  Exchange  and  Notes 
Domino.  It  will  be  available  in  several 
European  and  Asian  languages. 

To  encourage  companies  that  use  com¬ 
peting  products  to  switch  to  Symantec’s 
Client,  Symantec  is  readying  a  so-called 
uninstallation  tool  that  will  let  Symantec 
remotely  uninstall  a  competitor’s  prod¬ 
uct  and  remove  the  existing  software 
while  keeping  the  customer’s  security 
settings. 

Symantec:  www.symantec.com 
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(e>  business  is  the  game.  Play  to  win. 


I  software 


SECURITY 

MANAGEMENT 

PLAY 


1  ]  WIN  WITH  SECURITY:  It  isn’t  always  about  hackers,  e-business 
security  must  also  ensure  that  only  the  right  users  (within  and 
outside  of  your  company)  get  the  right  information  at  the  right  time. 

2]  WIN  WITH  TIVOLI:  Whether  it’s  granting  access  to  customers  or 
CEOs  on  PDAs, Tivoli  Security  Management  software  centrally 
secures  and  manages  your  network  across  multiple  platforms. Tivoli. 
Part  of  our  software  portfolio  including  DB2f  Lotus®  and  WebSphere® 

3  ]  MAKE  THE  PLAY:  Visit  ibm.com/tivoli/secure  for  a  white 
paper  on  how  Tivoli  Security  Management  can  maximize  your  ROI. 
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anaging  voice  and  data  networks. 


Users  learning  to  manage  VoIP  networks 


Managing  VoIP 

Users  offered  these  tips  for  keeping  a  VoIP  network  under  control: 

Have  priorities:  Prioritizing  traffic  will  give  voice  applications  the  bandwidth  it  requires 
to  perform  well  and  prevent  voice  and  data  applications  from  battling  over  bandwidth. 

2  Keep  it  simple:Try  to  use  industry  standard  protocols,  such  as  H.323  and  Session 
Initiation  Protocol,  to  increase  interoperability  across  the  VoIP  network. 

3  Check  with  callers:The  end-user  experience  must  be  considered  regarding  application 
transport  and  performance  to  ensure  the  desired  call  quality  is  met. 

4  Manage  one  network:  View  voice  and  data  network  performance,  events  and  failures 
from  one  console  to  determine  if  and  how  one  can  affect  the  other  and  how  to  better 
configure  the  network  to  help  both. 

Employ  a  jack-of-all-trades:  Many  data  network  professionals  are  not  experts  at 
voice,  and  vice  versa,  so  staff  training  on  both  sides  of  the  network  might  be  required. 


■  BY  DENISE  DUBIE 

Gary  Todd  knew  that  managing  a 

voice-over-IP  network  involved  a  lot 
of  preparation.  So  he  and  his  staff 
tapped  the  knowledge  of  specialists  with 
experience  in  data  and  voice  communi¬ 
cations  and  chose  VoIP  products  from  a 
vendor  with  a  telecom  background.  But 
he  still  learned  something  new  after 
implementing  the  network. 

“We  noticed  we  weren’t  allocating 
enough  bandwidth  to  the  voice  applica¬ 
tions,”  says  Todd,  Omni  American’s  assis¬ 
tant  vice  president  of  network  services. 

Todd,  along  with  Jim  Evans,  the  compa¬ 
ny’s  vice  president  of  IT,  soon  discovered 
they  needed  to  apply  quality-of-service 
(QoS)  technologies,  such  as  compres¬ 
sion  and  priority  routing,  to  the  voice  applications  so 
they  would  get  the  bandwidth  needed  to  perform 
across  the  data  network  at  the  Fort  Worth, Texas,  credit 
union. 

Implementing  QoS  is  one  step  network  executives  can 
take  to  help  manage  and  ensure  the  VoIP  network  they 
deployed  to  save  money  in  remote  office  connection 
costs  will  deliver  the  return  on  investment  they  want. 

But  users  also  must  manage  a  number  of  new  net¬ 
work  elements,  such  as  media  gateways  and  IP 
phones,  that  they  previously  didn’t  have.  IT  staff  also 
will  be  faced  with  more  traffic  to  manage  on  the  IP 
network,  and  new  voice  applications  could  affect  over¬ 
all  network  performance. 

The  need  to  manage  VoIP  environments  is  growing: 
According  to  a  recent  report  from  Cahners  In-Stat,cor- 

li  I  Voice  applications  are  very  demand¬ 
ing.  You've  got  to  give  them  everything 
they're  asking  for .11 

Jim  Evans 

Vice  president  of  IT,  OmniAmerican 


porate  adoption  of  IP  telephony  is  on  the  rise  with  the 
U.S.  market  for  VoIP  handsets  reaching  $1  billion  in 
2001. The  report  also  found  that  the  market  for  IP 
voice  gear  would  reach  $5  billion  by  2006  (see 
www.nwfusion.com,  DocFinder:  1521). 

“Voice  applications  are  very  demanding. You’ve  got 
to  give  them  everything  they’re  asking  for,”  Evans  says. 
“Make  sure  you  have  enough  bandwidth  and  that  the 
LAN  and  WAN  equipment  is  sufficient  for  the  voice." 

VoIP  poses  performance  challenges  perhaps  new  to 
some  network  executives.  Because  VoIP  technology 
puts  voice  information  into  a  digital  format  and  sends 
it  as  packets  across  the  IP  network,  packet  loss  and 
delay  become  major  flags  of  performance  problems. 
Jitter  also  is  a  problem  because  it  can  cause  delays 
or  drop  packets.  Voice  requires  a  steady  stream  of 
packets. 


Other  performance  management  challenges  are  call 
quality  and  clarity.  Call  quality  is  a  measure  of  conver¬ 
sational  performance,  while  call  clarity  is  more  about 
how  well  the  listener  can  hear.  Delay  has  more  of  an 
effect  on  call  quality,  or  a  conversation,  than  call  clari¬ 
ty,  or  a  one-sided  call  such  as  voice  mail. 

Vendor  input 

Many  vendors  are  looking  to  address  the  needs  of 
VoIP  users. VoIP  equipment  vendors  such  as  Avaya, 
Alcatel,  Cisco  and  Mitel  Networks  offer  software  that 
gives  customers  a  view  into  application  performance. 
These  tools  typically  rely  on  reading  the  VoIP  proto¬ 
cols,  such  as  H.323  and  the  Session  Initiation 
Protocol,  to  get  a  handle  on  how  fast  traffic  traveled 
the  network. 

Network  management  software  makers  such  as 
NetlQ,  NetScout,  Integrated  Research, Telchemy  and 
Brix  Networks  sell  VoIP-specific  products  that  can 
manage  voice  and  help  customers  understand  the 
performance  metrics  of  voice.  And  to  maintain 
one  consolidated  view  of  the  network, VoIP  software 
can  feed  the  voice-related  data  to  a  network  manage¬ 
ment  console  such  as  Hewlett-Packard’s  OpenView, 
Tivoli  Enterprise  Console  or  Computer  Associates 
Unicenter. 

OmniAmerican  uses  CajunView  VoIP  management 
software  from  Avaya  to  track  bandwidth  and  call 
statistics. 

“The  voice  industry  has  always  been  about  availabili¬ 
ty.  While  OK  for  data  at  times,  [less  than  100%]  is  not 
acceptable  to  a  voice  provider,” says  John  Dinan, 
telecommunications  analyst  at  the  Santa  Clara  County 
Office  of  Education  in  California. 

Dinan  has  yet  to  upgrade  to  VoIP  because  of  the 
potential  for  poor  call  quality. “There  are  still  many 
quality  issues.  Even  with  people  using  cell  phones, 
users  expect  high  quality  on  their  wired  phone.” 

In  terms  of  QoS,  OmniAmerican’s  IT  staff  is  doing  pri¬ 
oritization  on  the  Avaya  Cajun  data  switches,  with  port- 
specific  prioritization  on  a  few  select  data  ports.  Evans 
adds  that  latency  hasn’t  been  an  issue  due  to  the 
amount  of  available  bandwidth  they’ve  provisioned 
for  the  voice  applications. 

Todd  and  Evans  also  upgraded  servers  and  switches 


with  Avaya  equipment  and  installed  IP 
phones  at  remote  locations. 

Specifically,  they  upgraded  the  network 
with  voice-enabled  phone  switches 
and  dedicated  IP  phone  switches.The 
digital  phones  at  the  branches  commu¬ 
nicate  over  the  WAN  to  a  voice- 
enabled  switch,  giving  OmniAmerican 
one  unified  IP  phone  system,  a  central¬ 
ized  voice  mail  server  and  four-digit 
dialing  to  and  from  all  its  locations. 

With  the  VoIP  network,  OmniAmerican 
saves  about  $800  in  local  voice  circuit 
charges  per  month  at  each  of  the  compa¬ 
ny’s  13  remote  offices.Todd  says  the  net¬ 
work  upgrade  lets  OmniAmerican  save 
up  to  70%  in  connectivity  costs  using 
VoIP 

Management  help 

Some  enterprise  users  cannot  afford  the  investment 
required  to  manage  their  VoIP  networks.  Cohen 
Financial,  a  real  estate  investment-banking  firm,  decid¬ 
ed  to  outsource  its  VoIP  management.  John  Ahlberg, 
CIO  at  the  Chicago  firm,  says  the  company  wanted  to 
be  able  to  dial  four  digits  and  reach  any  of  its  10 
offices  across  the  country. 

“The  idea  of  voice  over  IP  was  great,  but  we  won¬ 
dered, ‘Once  it’s  installed,  who  are  going  to  be  the 
smart  people  to  manage  it?”’ Ahlberg  says.  He  needed 
to  buy  three  new  PBXs  and  find  the  expertise  to  man¬ 
age  the  VoIP  in  his  network,  which  “just  wasn’t  cost- 
effective.” 

The  firm  decided  to  enlist  the  services  of  NetSolve,  a 
management  service  provider,  to  oversee  the  VoIP  net¬ 
work  and  alert  staff  at  Cohen  of  network  problems. 

NetSolve  supplies  Cohen  with  the  equipment,  man¬ 
agement  tools  and  technology  expertise  to  manage 
VoIRand  NetSolve  uses  a  VPN  to  connect  to  the  firm’s 
network.  Ahlberg  says  using  NetSolve  made  investing 
in  the  new  technology  less  expensive  because  he  did¬ 
n’t  have  to  invest  in  three  new  PBXs  or  add  to  his  net¬ 
work  staff  to  manage  VoIP 

Cost  wasn’t  the  primary  concern  for  Brenda  Helm- 
inen,but  implementing  VoIP  still  saved  her  from  finan¬ 
cially  supporting  two  networks.  She’s  upgrading  to 
VoIP  to  centralize  and  standardize  her  voice  and  data 
networks.“It’s  cost  prohibitive  to  run  two  separate  net¬ 
works,”  she  says. 

Helminen,  director  of  telecommunications  engineer¬ 
ing  at  Michigan  Technological  University  in  Houghton, 
is  in  the  process  of  rolling  out  3,000  to  4,000  IP 
phones  across  campus.  Helminen  uses  local  switches 
and  OPS  Manager  software  from  Mitel  Networks  to 
ensure  her  phone  service  stays  available  She  says  the 
75  IP  phones  she  has  up  and  running  use  a  virtual 
LAN  supported  by  local  switches  to  traverse  the  net¬ 
work.  The  virtual  LAN  prevents  the  voice  applications 
from  having  to  compete  for  bandwidth  with  the  data 
traffic. 

“Phone  service  is  a  business  service.  Most  people 
don’t  see  it  as  an  IT  service,"  Helminen  says.“Pfeople 
expect  to  always  have  good  phone  service.  I  don’t 
want  to  take  any  chances  in  losing  service.”  ■ 
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HP's  ultra-reliable  rp7410  and  rp8400  midrange 
UNIX®  servers. 

HP  midrange  servers,  running  the  industry-leading  HP-UX 
Operating  Environment,  are  the  dependable  choice  for  your 
computing  needs.  They  are  a  powerful  consolidation  solution, 
and  with  the  lowest  total  cost  of  ownership  in  the  midrange 
server  space,  you'll  significantly  reduce  costs  in  hardware, 
management  and  administration.  And  since  the  rp7410  and 
rp8400  are  in  the  market  for  the  long  haul,  and  are  the  only 
midrange  servers  available  today  that  can  upgrade  to  the 
future  Intel®  Itanium®  Processor  Family,  they  are  truly  the 
servers  of  the  future. 

[  Find  out  why  HP  has  been  the  market  share  leader 
since  1997.  Visit  www.hp.com/large/ midrange  and 
request  your  free  HP  Midrange  UNIX  Server  white 
papers  now.  ] 


Midrange  UNIX  server  market  share  leader  according  to  International  Data  Corporation  (IDC)'s  Quarterly  Server  Tracker,  Q4CY2001,  published  March  8,  2002.  IDC  uses  price  points  to  differentiate  servers  into  entry-level  (which  is  up  to  $100,000),  mid-range  (which  is 
$100,000  -  $1  million)  and  higfvend  (which  is  $1  million  and  above).  Intel  and  Itanium  are  registered  trademarks  of  the  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trademark  of  The  Open  Group.  Offer  good  only  in  the  * 1  S 

©2002  Hewlett-Packard  Company  All  rights  reserved. 


Feeling 


in  a  world  of  “security  solutions”  ? 


SSH  Secure  Shell.  Essential. 

Poor  Packet.  It's  easy  to  get  lost  in  a  quagmire  of  complex  security  offerings.  Sometimes,  you  just  want  something  simple  —  that  works.  Like  SSH 

Secure  Shell.  We  invented  it.  It's  the  worldwide  de  facto  standard  —  essential  for  secure  remote  access,  with  millions  of  users  worldwide.  SSH 
offers  Secure  Shell  in  a  robust,  fully-supported  commercial  grade  release  that's  perfect  for  any  enterprise.  Once  launched,  it  provides  transparent, 
strong  authentication  —  encrypting  passwords  and  securing  communications  over  any  IP-based  connection. 

So  to  find  your  way  home ,  come  visit  us  at  www.ssh.com. 


*  2002 


2002  SSH  Communications  Security  Corp.  Ail  rights  reserved,  ssh  is  a  registered  trademark  of  SSH  Communications 
Security  Corp  in  the  United  States  and  in.  certain  other  jurisdictions.  SSH2.  the  SSH  logo,  IPSEC  Express,  5SH  Certifier,  SSH 
QuickSec.  SSH  Sentinel,  Making  the  Internet  Secure  and  Packet  the  Dog  are  trademarks  of  SSH  Communications  Security 
Corp  and  my  be  registered  in  certain  jurisdictions.  Alt  other  names  and  marks  are  property  of  their  respective  owners. 
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■  WIRELESS  ■  REGULATORY  AFFAIRS 


International  carriers  also  feeling  pain 

Experts  say  users  need  to  keep  a  close  eye  on  financials,  staff  changes. 


Choppy  waters 


Overseas  carriers  have  had  their  share  of  trouble  recently. 


Deutsche  Telekom:  German  carrier  ousted  its  CEO  earlier  this  month  amid  investor 
concerns  about  the  telco's  financial  performance. 


KPNQwest:  One  of  Europe's  largest  data  providers,  the  company  went  bankrupt 
suddenly  in  May,  leaving  customers  scrambling  for  new  connections. 

Teleglobe:  The  international  voice  and  data  carrier  went  bankrupt  in  May,  saying 
it  would  restructure  around  its  voice  business. 

Global  Crossing:  Declared  bankruptcy  in  January,  claiming  more  than  $20 
billion  in  liabilities. 

..  •  .  ■  '■  _  ■ 
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■  BY  MICHAEL  MARTIN 

The  chaos  wracking  the  telecom  industry 
in  the  U.S.also  is  taking  a  toll  overseas,  forc¬ 
ing  U.S.  multinationals  to  take  the  same  pre¬ 
cautions  internationally  that  they  take  at 
home.  These  include  using  multiple 
providers,  not  committing  too  much  to  any 
one  provider  and  having  contingency 
plans  in  place  in  case  a  provider  fails. 


■  Managed  infrastructure  service 
provider  Interliant  is  quickly  running 
out  of  cash.  The  company  announced 
last  week  that  it  does  not  have  enough 
cash  to  fund  operations  beyond  the 
end  of  the  quarter.  Interliant  execu¬ 
tives  blamed  the  weak  economy  and  a 
delay  in  the  sale  of  one  of  Interliant’s 
business  divisions  for  the  situation. 
The  news  comes  less  than  two  weeks 
after  Interliant  was  delisted  from 
Nasdaq.  Interliant  is  considering  all 
options  and  has  hired  Traxi  LLC  as  its 
financial  adviser  to  help  it  explore 
ways  to  regain  its  financial  footing, 
including  a  possible  Chapter  11  bank¬ 
ruptcy  filing. 

■  Internet  traffic  in  North  America 

is  on  track  to  grow  85%  in  2002,  but 
revenue  remains  down,  primarily  be¬ 
cause  of  pricing  pressures  and  a  slow 
rollout  of  new  IP  services,  according 
to  telecommunications  research  firm 
RHK.The  firm  found  that  revenue  per 
bit  actually  would  decline  by  46%  this 
year  as  customers  make  better  use  of 
higher-bandwidth  connections  and 
take  advantage  of  price  breaks.  Rev¬ 
enue  is  expected  to  total  $15.7  billion 
for  the  year.  AT &T  and  WorldCom 
lead  the  market,  but  RHK  expects 
AT &T  to  grow  faster  than  WorldCom 
and  become  the  clear  leader  in  the 
next  month  or  two.  WorldCom  leads 
in  revenue  for  Internet  services  and 
is  expected  to  hold  that  lead  through¬ 
out  the  year,  despite  its  recent  bank¬ 
ruptcy  filing. 


Certainly  the  most  dramatic  internation¬ 
al  telecom  failure  has  been  the  May  bank¬ 
ruptcy  of  KPNQwest,  one  of  Europe’s 
largest  data  providers.  KPNQwest  gave  its 
approximately  100,000  business  cus¬ 
tomers  five  weeks  to  find  new  providers. 

Earlier  this  month,  Deutsche  Telekom 
removed  the  company’s  CEO  amid 
investor  concerns.  Earlier  in  the  year 
international  voice  and  data  provider 
Teleglobe  declared  bankruptcy  as  did 
Global  Crossing.  And  WorldCom,  which 
declared  bankruptcy  this  month,  also  is  a 
major  international  telecom  provider. 

Global  Knowledge,  an  IT  training  orga¬ 
nization,  was  one  of  KPNQwest’s  cus¬ 
tomers.  The  company  has  16  sites  in 
Europe  that  were  connected  to  KPN¬ 
Qwest’s  Ebone  IP  backbone  through  a 
managed  VPN  service. 

Global  Knowledge  couldn’t  find  a  man¬ 
aged  VPN  service  from  another  Tier  1 
provider  at  an  affordable  price,  so  the 


■  BY  JENNIFER  MEARS 

ARMONK,  N.Y  —  IBM  is  expanding  the 
scope  of  its  hosting  services  by  adding  sup¬ 
port  for  SAP  and  Siebel  applications,  as 
well  as  for  its  WebSphere  Application 
Server. 

IBM’s  Application  Hosting  Service  gives 
customers  access  to  computing  resources 
within  IBM’s  e-business  hosting  centers 
around  the  globe.  IBM  also  is  making  use 
of  its  SAP  and  Siebel  expertise  to  manage 
and  monitor  the  software  deployments. 

Customers  purchase  their  own  software 
licenses,  either  independently  or  through 
IBM,  and  IBM  handles  the  logistics,  says 
Dave  Mitchell,  global  offering  manager  for 
application  hosting  services  within  IBM 
Global  Services. 

“We’re  going  beyond  managing  infra¬ 
structure  and  moving  into  the  application 
layer,  and  providing  support  services  for 
application  monitoring  and  application 
administration,"  he  says. 

The  SAP  offering  includes  support 
for  enterprise  resource  planning  and 
mySAPcom  applications  over  the  Internet. 
With  Siebel,  IBM  is  providing  support  for 
Siebel  7  general  and  industry-specific 


company  used  DSL  connections  from 
local  telecom  providers  instead,  says  Phil 
Beard,  senior  network  engineer.  Despite 
still  not  having  connections  for  three  of 
his  sites,  Beard  says  he  isn’t  unhappy  with 
the  way  KPNQwest  handled  the  situation. 


applications.  The  WebSphere  service 
offers  WebSphere  Application  Server  4.0 
or  WebSphere  Commerce  Professional 
Edition  5.4. 

Nationwide  gift  retailer  Things  Remem- 

Application  hosting 

IBM  is  expanding  its  application 

hosting  capabilities. 

Already  supports:  Will  now  add: 

•  Ariba  •  Siebel 

•  i2  •  SAP 

•  PeopleSoft  •  WebSphere 

•  Lotus  Web 
conferencing 

bered  uses  IBM  to  host  its  WebSphere 
Commerce  application,  which  operates 
within  the  company  Web  site.  Mark  Fodor, 
director  of  e-business  at  Cole  National,  the 
parent  company  of  Things  Remembered, 
says  IBM’s  service  gives  him  flexibility  to 
respond  to  spikes  in  traffic  during  hot 
shopping  periods. 

Customers  reluctant  to  move  into  a  com¬ 
pletely  outsourced  model  can  take  advan- 


“They  did  as  much  as  they  could,”  he 
says.  “They  gave  everyone  as  much  warn¬ 
ing  as  possible.” 

Many  of  the  problems  in  the  internation¬ 
al  market  are  the  same  as  in  the  U.S,. 

See  Foreign,  page  27 


tage  of  IBM’s  Services  Anywhere  option,  in 
which  IBM  hosts  the  application  but  the 
physical  infrastructure  remains  on  the  cus¬ 
tomer  premises.  In  instances  where  the 
application  is  hosted  in  IBM  data  centers, 
customers  are  given  real-time  access  to  sys¬ 
tem  performance  through  IBM’s  e-business 
Hosting  Connection  portal. 

“We  looked  for  reasons  why  customers 
were  not  outsourcing  SAP  and  Siebel, and 
it  came  down  to  three  things:  concerns 
over  control,  capital  investment  and  com¬ 
plexity!’  Mitchell  says.  “These  offerings  are 
built  to  address  those.” 

Analysts  say  IBM’s  announcement  lends 
credibility  to  the  application  service 
provider  (ASP)  model,  which  has  taken  a 
beating  during  the  past  year  or  so. 

“IBM  has  all  the  skills  and  resources  to 
be  the  largest  and  most  successful  ASP  if 
it  wanted  to  be.  But  it  hasn’t  really  put  its 
attention  on  this  market  for  whatever  rea¬ 
son,”  says  Jessica  Goepfert,an  analyst  with 
IDC.  “They’ve  grappled  with  what  role  to 
play  and  here  they  are  coming  out  pretty 
strong  saying  we  do  have  our  own  direct 
offering.” 

Pricing  for  the  application  hosting  ser¬ 
vices  varies  by  customer.  ■ 


IBM  expands  hosting  service  options 
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Don't  forget  about  the  good  that  WorldCom  wasted 


EYE  ON  THE 
CARRIERS 

Johns  Till 
Johnson 


Unless  you’ve  been  hiding  under 
a  rock  for  three  months,  World- 
Corn’s  bankruptcy  filing  came  as 
no  surprise. 

What  is  surprising  is  the  degree  to  which 
former  CEO  Bernie  Ebbers  pulled  off  what 
was  essentially  little  more  than  a  Ponzi 
scheme.  1  used  to  joke  that  Ebbers  was  in 
the  business  of  “buying  companies  and 
selling  stock.”  Unfortunately  for  WorldCom 
employees,  shareholders  and,  most  of  all, 
customers,  it  turned  out  not  to  be  a  joke. 

That  makes  me  angry  A  lot  of  people  are 
furious  at  the  way  they’ve  been  gypped. 
But  now  that  the  music’s  over  and  man¬ 
agement  is  scurrying  for  cover,  it’s  worth 
spending  a  minute  to  remember  the  com¬ 
pany  that  was  before  the  darkness  set  in. 

As  pretty  much  everybody  knows,  World¬ 
Com  was  created  through  a  series  of  acqui¬ 
sitions  that  included  truly  world-class  pro¬ 
viders  such  as  MCI  and  UUNET.  Getting 
acquired  by  WorldCom  ultimately  “eroded 
the  value”  of  these  companies,  as  the  finan¬ 
cial  wizards  say. 

1  prefer  to  describe  it  thus: Years  of  hard 
work  by  honest,  talented  people  was 


wasted  by  the  greed  and  blindness  of  the 
gang  at  the  top. 

Remember  MCI?  Many  of  my  friends  and 
colleagues  worked  there,  building  one  of 
the  finest  voice  and  data  networks  in  the 
world,  delivering  cutting-edge  services  and 
regularly  beating  every  other  carrier  to  the 
punch.  MCI  was  known  for  great  technolo¬ 
gy  and  great  marketing.  Customer  service 
was  always  somewhat  spotty,  but  in  the  old 
MCI,  you  usually  could  count  on  your 
account  team  going  above  and  beyond  the 
call  of  duty  to  fix  whatever  went  wrong. 

MCI  was  one  of  two  telephone  compa¬ 
nies  that  truly  understood  the  Internet  and 
invested  millions  of  dollars  in  Internet  tech¬ 
nology  before  most  of  the  world  could 
spell  IP  MCI  had  AT&T  playing  catch-up  for 
more  than  a  decade  —  no  small  accom¬ 
plishment. 

And  UUNET?  Aside  from  having  world- 
class  technology  and  transporting  some 
70%  of  Internet  backbone  traffic,  UUNET 
was  one  of  the  only  profitable  ISPs.  Back  in 
the  day,  if  you  wanted  service  from  UUNET, 
you  called  (former  Chief  Scientist)  Mike 
O’Dell’s  home  phone  number.  From  that 
inauspicious  beginning  grew  one  of  the 
Internet’s  most  spectacular  success  stories. 

That  brings  me  to  the  final  point.  I’ve 
heard  noise  about  how  John  Sidgmore, 
WorldCom’s  current  CEO  and  the  former 
CEO  of  UUNET,  might  not  be  the  right  guy 
to  lead  WorldCom,  for  various  cockamamie 
reasons.  I’ve  known  Sidgmore  for  years.  He’s 
an  honest  man  and  an  outstanding  busi¬ 
nessman  whose  biggest  mistake  was  selling 
his  company  to  a  bunch  of  hustlers.  He  will 


Foreign 

continued  from  page  25 

where  telecom  firms  spent  billions  of  dol¬ 
lars  building  out  networks  and  the 
demand  for  bandwidth  hasn’t  increased 
to  keep  up  with  supply.  Compounding  that 
problem,  at  least  in  Europe,  is  that  many 
European  carriers  spent  exorbitant  sums 
to  secure  licenses  for  3G  wireless  services 
and  are  now  deeply  in  debt. 

Brownlee  Thomas,  an  analyst  with  Giga 
Information  Group,  says  the  worst  of  the 
fallout  in  the  international  telecom  market 
is  over.  However, she  warns,  it’s  not  impossi¬ 
ble  that  another  accounting  problem, such 
as  the  one  that  undid  WorldCom,  could 
crop  up  at  another  international  carrier. 

One  factor  working  in  favor  of  some  inter¬ 
national  carriers  is  that  they  are  govern¬ 
ment-owned  and  a  government  isn’t  likely 
to  let  a  carrier  slide  into  financial  disarray 

“If  they’re  not  government-owned, 
though,  they  have  some  vulnerability" 
Thomas  says. 

Of  the  remaining  Tier  1  international  pro¬ 
viders,  Giga  ranks  Equant  and  Cable  & 
Wireless  as  the  most  financially  stable,  fol¬ 
lowed  closely  by  AT&T  with  WorldCom  and 
Infonet  bringing  up  the  rear. 

Thomas  says  business  customers  need  to 
track  their  carriers’  financial  performance 
and  keep  a  close  eye  on  staff  turnover  and 


executive  changes.  Going  with  a  carrier 
only  because  of  technology  or  price  isn’t  a 
good  idea  in  the  current  market, she  says. 

Giga  also  recommends  users  commit  no 
more  than  65%  of  their  expected  total 
telecommunications  spending  to  one  car¬ 
rier.  And  where  possible,  users  should 
include  out  clauses  in  their  contracts, 
based  on  the  market  performance  of  their 
carrier. 

One  out  clause  that  won’t  work  is  any¬ 
thing  based  on  a  Chapter  1 1  bankruptcy  fil¬ 
ing.  Once  Chapter  11  is  filed,  customers  are 
locked  into  their  existing  contracts, 
whether  they  have  a  clause  freeing  them 
from  obligation  because  of  a  Chapter  1 1  fil¬ 
ing  or  not,  according  to  Hank  Levine,  a 
partner  in  telecom  consultancy  Levine, 
Blaszak,  Block  &  Boothby  ■ 
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do  everything  in  his  power  to  salvage  what 
can  be  salvaged  of  the  hard  work  and  ded¬ 
icated  effort  that  went  into  building  his 
company  and  the  others  that  were  sacri¬ 
ficed  on  the  altar  of  unremitting  greed. 

Will  it  be  enough?  Let’s  hope  so. 


Johnson  is  senior  vice  president  and  CTO 
for  Greenwich  Technology'  Partners ,  a  lead 
ing  network  consulting  and  engineering 
firm.  She  can  be  reached  at  johna@green 
wichtech.com. 
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Customers  worldwide  are  reaching  their 
Metro  destinations  the  same  way:  they’ve 
chosen  the  RS  38000  because  it  delivers  the 
unique  combination  of  service  creation  and 
high-availability  networking  required  at  the 
core  of  the  world’s  largest  Metropolitan  Area 
Networks.  With  170  Gigabit  of  switching 
capacity,  the  RS  38000  offers  the  richest 
array  of  metro-optimized  services  over  the 
widest  range  of  network  interfaces.  Using 
hardware-based,  metro-optimized  MPLS,  the 
RS  38000  provides  cutting-edge  IP  services 
such  as  Bandwidth-on-Demand,  Virtual 
Leased  Lines,  and  Transparent  LANs. 


The  RS  38000  also  sets  the  industry 
standard  for  high-availability  Metro  networking. 
Riverstone’s  Hitless  Protection  System  (HPS) 
enables  live  software  upgrades  and  control 
module  restarts  without  disrupting  customer 
traffic.  Full-hardware  redundancy  and  software 
resiliency  features  such  as  VRRP,  RSTP, 
ring-optimized  RSTP,  and  graceful  routing 
restart  make  the  RS  38000  a  true  carrier-class 
router.  Which  is  why  it’s  already  converting  raw 
bandwidth  into  profitable  services  in  the 
world’s  largest  Metropolitan  Area  Networks. 


THE  RS  38000  POWERS  THE  WORLD'S 
LARGEST  METRO  NETWORKS. 
ARE  YOU  ON  BOARD? 


Get  on  board  now.  Contact  us  at  877-778-9595 
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Cisco  struggling  to  have  its  VoIP  heard 


■  BY  JIM  DUFFY 

SAN  JOSE  —  Undaunted  by  the  incum¬ 
bency  rivals  enjoy  with  carriers,  Cisco  says  it 
too  will  soon  be  able  to  trumpet  successes 
in  service  provider  packet  telephony 

Ciscos  leadership  in  enterprise  voice 
over  IP  is  well  understood,  because  of  the 
company’s  near  monopoly  position  in 
enterprise  data  networks.  But  Cisco’s  for¬ 
tunes  in  service  provider  packet  telepho- 


■  Gold  Wire  Technology  last  week 
announced  that  its  Formulator  line  of 
network  configuration  control  appli¬ 
ances  now  support  VPN  and  firewall 
products  from  Cisco  and  NetScreen 
Technologies.  This  lets  network  oper¬ 
ators  and  security  directors  use  one 
system  to  configure  most  VPN  and 
firewall  devices  in  their  network,  Gold 
Wire  says.  The  Formulator  line  sup¬ 
ports  NetScreen's  NetScreen  Sys¬ 
tems  and  Appliances  products,  and 
Cisco’s  PIX  Firewall  series.  Formu¬ 
lator  also  supports  routers  and 
switches  from  Riverstone  Networks 
and  Nortel. 

■  Riverstone  Networks  has  an 

nounced  that  Miami  service  provider 
Ntera  has  deployed  the  company’s 
metropolitan  routers  in  its  voice-over- 
IP  network  to  deliver  more  than  600 
million  call  minutes  per  month.  Ntera 
has  installed  Riverstone's  RS  8000 
routers  as  aggregation  and  core  de¬ 
vices  in  more  than  30  points  of  pres¬ 
ence  worldwide.  The  routers  deliver 
voice  services  and  applications,  such 
as  toll-bypass  and  prepaid  calling,  to 
carriers,  corporations  and  consumers. 
The  routers  connect  Ntera’s  voice 
gateways  and  the  Internet,  and  aggre¬ 
gate  and  groom  IP  traffic.  Ntera  uses 
Riverstone's  Hitless  Protection  Sys¬ 
tem  to  help  ensure  toll-quality  voice 
over  dedicated  bandwidth  and  the 
Internet,  Riverstone  says.  HPS  is  de¬ 
signed  to  increase  network  uptime 
and  avoid  lost  revenue.  Financial 
terms  were  not  disclosed. 


ny  have  been  less  evident,  even  though 
the  company  says  it’s  been  pleased  with 
its  results. 

“We  feel  reasonably  positive,  particularly 
as  we  run  some  of  the  largest  VoIP  networks 
in  the  world,  most  notably  the  ones  in  the 
People’s  Republic  of  China,”  says  Phil  Sher¬ 
burne,  general  manager  of  Cisco’s  packet 
telephony  call  control  division.  “In  service 
provider  packet  telephony  overall,  we  cer¬ 
tainly  view  ourselves  as  very  much  partici¬ 
pating  and  as  having  been  quite  successful 
in  a  large  number  of  service  provider  pack¬ 
et  telephony  deployments.” 

Cisco  will  announce  some  packet  tele¬ 
phony  wins  this  fall,  focusing  predomi¬ 
nantly  on  voice  over  broadband,  such  as 
Ethernet  and  cable.  Voice-over-broadband 
access  is  Cisco’s  sweet  spot  in  service  pro¬ 
vider  packet  telephony 

Analysts  await  further  clarity  in  Cisco’s 
service  provider  packet  telephony  strategy 

“Cisco  has  a  great  packet  telephony  story 
for  enterprise-based  solutions,  but  it’s  been 
unclear  what  their  direction  is  with  respect 
to  voice  over  IP  in  service  provider  mar¬ 
kets,”  says  Teresa  Mastrangelo,  a  senior  ana¬ 
lyst  with  RHK.  “There’s  no  clear  Class  4/ 
Class  5  story  In  the  cable  space,  they  have  a 
good  opportunity  to  gain  some  market 
share  with  voice  applications  based  on 
their  strong  [cable  modem  termination  sys¬ 
tem]  presence,  but  even  that  is  unclear  as 
to  which  product  would  be  part  of  that 


Now  hear  this 

Next-generation  voice  market  is 
in  its  early  stages. 

Worldwide  revenue  for  next- 
generation  voice,  in  Q1  of  2002: 

•  Hardware  totaled  $36  million 

•  Software  totaled  $217  million 

Products  include  voice-over  broad¬ 
band  gateways,  broadband  loop 
carriers,  voice/data  switches, 
softswitches,  remote-access  con¬ 
centrator  VoIP  gateways  and  voice 
application  servers. 

SOURCE:  INFONETICS  RESEARCH 


voice  solution.” 

Sherburne  says  Cisco’s  BTS  10200  soft- 
switch  and  PGW  2200  PSTN  gateway  are 
two  products  that  can  be  used  for  call  con¬ 
trol  in  a  cable  or  packet  network.  But  for 
now,  all  evidence  suggests  carriers  are 
handing  their  packet  telephony  business  to 
their  incumbent  circuit-switching  vendors. 

Nortel  just  announced  a  packet-based 
Class  4  tandem  switch  trunking  replace¬ 
ment  pact  with  Verizon  comprising  Nortel’s 
Passport  ATM  switches.  Nortel  says  it  has 
been  awarded  more  than  $2  billion  in 
voice-over-packet  contracts. 


Lucent  recently  announced  an  IP 
Centrex  win  with  SBC  Communications. 

In  both  cases, Verizon  and  SBC  went  with 
their  incumbent  suppliers  wrapping  the 
potential  of  packet  switching  around  exist¬ 
ing  TDM  gear,  Sherburne  says. 

“Those  are  longtime  vendors  for  those 
customers,  they  clearly  have  relationships,” 
he  says.“When  they’re  talking  about  doing 
TDM  stuff  then  that  is  not  a  place  we  would 
go  and  actively  try  to  compete.” 

Meanwhile,  four  Cisco  service  provider 
customers  —  China  Unicom,  iBasis,  ITXC 
and  Genuity  —  have  carried  at  least  1  bil¬ 
lion  H.323-based  VoIP  minutes,  Cisco  says. 
China  Unicom,  Cisco's  largest  VoIP  carrier, 
has  transported  more  than  3  billion  VoIP 
minutes,  the  company  says. 

“The  largest  packet  telephony  networks 
are  Cisco-based,”  Sherburne  says. 

Cisco  also  has  a  competitive  local  ex¬ 
change  carrier  customer  in  the  Atlanta 
area  deploying  its  BTS  10200  softswitch. 
Cbeyond  is  offering  local  telephony  ser¬ 
vices  and  primary  rate  interface  offload  to 
small  and  midsize  businesses. 

Other  Cisco  call  control  customers  in¬ 
clude  BT,  Tiscali,  Tele  Danmark  and 
OneTel/Scarlet. 

“We  have  in  the  U.S.,and  outside  the  U.S., 
—  in  Asia,  in  particular  —  a  number  of  tri¬ 
als  under  way  and  would  expect  in  the  fall 
to  be  making  further  announcements,” 
Sherburne  says.  ■ 


Broadband  alive  and  well,  firm  says 


■  BY  JIM  DUFFY 

SCOTTSDALE,  ARIZ.  —  Increasing  de¬ 
mand  for  faster  connections  to  the  Web  has 
led  to  “substantial”  broadband  subscriber 
growth  over  the  past  year, according  to  mar¬ 
ket  research  firm  In-Stat/MDR. 

At  the  beginning  of  2002,  the  number  of 
worldwide  broadband  subscribers  passed 
the  30  million  mark,  and  by  the  end  of  this 
year  worldwide  subscriber  totals  are  ex¬ 
pected  to  surpass  46  million,  the  firm  says. 
DSL  has  become  the  premier  broadband 
access  technology  in  the  international 
market,  while  cable  modem  service  con¬ 
tinues  to  do  well  in  the  U.S.,  according  to 
the  report. 

In  late  2001,  the  number  of  worldwide 
DSL  subscribers  surpassed  17  million,  let¬ 
ting  DSL  service  replace  cable  modem  ser¬ 
vice  as  the  most  widely  used  broadband 


access  technology,  In-Stat/MDR  says.  A 
sharp  rise  in  the  number  of  DSL  sub¬ 
scribers  in  the  Asia-Pacific  region  sparked 
worldwide  DSL  growth. 

In  the  U.S.,  cable  modem  subscribers 
continue  to  outnumber  DSL  subscribers 
by  a  wide  margin.  At  the  beginning  of 
2002,  there  were  7.12  million  U.S.  cable 
modem  subscribers  and  4.6  million  DSL 
subscribers. 

The  residential  market  will  continue  to  be 
hotly  contested  between  the  broadband 
access  technologies  because  of  the  low 
penetration  and  adoption  rates  expected 
for  cable  modems  in  the  business  sector, 
according  to  In-Stat/MDR.  U.S.  cable  opera¬ 
tors  have  rapidly  made  cable  modem  ser¬ 
vice  available  to  the  majority  of  residential 
customers  while  almost  ignoring  the  busi¬ 
ness  community  the  firm  says. 

Meanwhile,  the  availability  of  broadband 


access  remains  the  greatest  challenge  to 
long-term  broadband  growth  because  the 
majority  of  the  world’s  telecommunica¬ 
tions  infrastructure  cannot  yet  support 
broadband  access  technologies. 

Other  broadband  access  technologies, 
such  as  satellite  broadband,  fiber-to-the- 
home  and  fixed  wireless  service,  are 
merely  bit  players  in  the  overall  broad¬ 
band  access  market,  according  to  In- 
Stat/MDR.  The  three  services  account  for 
only  5%  of  current  worldwide  broadband 
subscribers.* 

More  online! 

Get  the  latest  news,  reviews 
and  how-tos  on  everything 
broadband  —  cable.  DSL, 
home  networking  and  more. 

DocFinder:  1534 
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SHAPING  YOUR  NETWORK 


Cryptography  chip  handles  SSL  traffic 


■  BY  BOBBY  CROUCH 

Secure  Sockets  Layer  is  the  standard 
method  of  securing  Web  transactions. The 
mathematical  computations  necessary  for 
SSL  cryptography  involve  very  large  num¬ 
bers  and  math  functions  not  within  the 
instruction  set  of  most  commercial 
processors. 

These  computations  typically  are  done 
in  software, creating  a  tremendous  burden 
for  servers;  typically  a  two  orders  of  mag¬ 
nitude  performance  decrease  is  ob¬ 
served.  A  server  capable  of  processing 
1,000  transactions  per  second  can 
process  only  10  transactions  per  second 
when  they  are  all  SSL-protected. 

The  traditional  solution  to  the  perfor¬ 
mance  problem  is  to  buy  more  servers 
with  multiple  CPUs  to  handle  the  secure 
traffic  and  ration  secure  Web  pages  to  the 
minimum, critical  set  of  transactions, such 
as  credit  card  number  exchange. 

An  alternative  approach  is  to  accelerate 
the  SSL  cryptography  with  coprocessors. 
These  products  perform  RSA  encryption 
or  bulk  encryption,  or  both;  all  still 
depend  on  a  host  processor  (or  the  net¬ 
work  processor)  to  send  and  receive  SSL 
records  to  the  cryptography  chip. 

They  process  up  to  thousands  of  new 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
have  one  and  want  to  contribute  it  to  a 
future  issue,  contact  Features  Editor 
Neal  Weinberg  (nweinberg®  nww.com). 


HOW  IT  WORKS 


Terminating  SSL  in  hardware 

An  in-line  chip  can  handle  all  SSL  traffic  destined  for  a  Web 

server.  ... 

Chip 

Web  server 

Server 
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End  user  makes  online 
purchase  and  sends 
encrypted  credit  card 
information  to  Web  server. 


Chip  intercepts  en¬ 
crypted  SSL  data  but 
lets  other  data  pass 
through  to  Web  server. 


Chip  decrypts  SSL 
traffic  and  passes 
it  on  to  Web  server 
at  wire  speed. 


SSL  handshake  requests  per  second. 
However,  their  approaches  require  sub¬ 
stantial  “glueware”  to  support  the  cooper¬ 
ative  processing  between  the  cryptogra¬ 
phy  hardware  and  the  host  processor,  and 
most  still  rely  on  the  PCI  (or  PCI-X)  bus  to 
convey  data  between  the  cryptography 
chips  and  the  host.  This  architecture  in¬ 
creases  complexity, and  introduces  perfor¬ 
mance  bottlenecks  because  multiple 
exchanges  between  cryptography  proces¬ 
sor  and  host  CPU  take  place  to  process 
even  one  SSL  session  handshake. 

System  on  a  chip 

One  solution  is  to  place  an  entire  system 
on  a  chip  to  perform  the  traffic  classifica¬ 
tion,  the  entire  SSL  protocol  and  all  bulk 
encryption. 

This  removes  any  interaction  with  the 
host  CPU,  reducing  complexity  and  signif¬ 
icantly  improving  performance.  A  security 


processor  on  a  chip  presents  an  industry- 
standard  Gigabit  Ethernet  interface  to  the 
client  side  and  another  one  to  the  server 
side. 

One  of  the  most  intimidating  hurdles  to 
terminating  large  numbers  of  SSL  ses¬ 
sions  is  processing  the  TCP/IP  packets 
that  encapsulate  the  SSL  records.  A  giga¬ 
bit  of  TCP/IP  traffic  alone  will  bury  a  tra¬ 
ditional  CPU,  without  ever  setting  up  an 
SSL  session. 

The  new  chips  integrate  a  high-perfor¬ 
mance  TCP/IP  processor  that,  for  SSL  traf¬ 
fic,  handles  TCP  segmentation,  packet  re¬ 
ordering  and  other  protocol  functions 
that  can  bog  down  the  host.  The  client- 
side  interface  is  a  Gigabit  Media  Inde¬ 
pendent  Interface  (GMII)  port,  which 
would  sit  directly  behind  a  network  inter¬ 
face  card’s  (NIC),  or  appliance’s,  physical 
interface. 

Client  HTTP  traffic  is  passed  directly 


through  the  chip  to  the  server  port,  also 
a  GMII  interface.  Incoming  SSL  traffic  is 
routed  to  the  cryptography  section  of 
the  chip,  which  performs  all  the  SSL  pro¬ 
tocol  functions  and  bulk  encryption, 
and  grooms  the  resulting  clear  text  mes¬ 
sages  before  presenting  them  to  the 
server  port. 

Grooming  is  key 

The  target  server  will  experience  no  per¬ 
formance  degradation  between  SSL  and 
non-SSL  traffic  and,  in  fact,  could  experi¬ 
ence  relatively  better  performance  with 
SSL  traffic,  because  of  the  groomed  nature 
of  the  TCP/IP  packets  presented  to  it. 

An  in-line  SSL  solution  is  not  valuable 
unless  it  performs  all  its  network  and  cryp¬ 
tography  functions  at  wire  speed,  up  to  1 
gigabit  per  second  throughput,  full  du- 
plex.This  translates  to  the  ability  to  handle 
up  to  100,000  new  SSL  handshake  re¬ 
quests  per  second. 

Configuration,  loading  of  SSL  key  and 
certificate  files,  and  management  infor¬ 
mation  retrieval  functions,  are  per¬ 
formed  via  a  management  port,  which  is 
a  GMII  interface.  All  management  func¬ 
tions  and  communications  can  be 
secured  with  SSL. 

The  need  to  secure  more  network  traffic, 
and  achieve  wire-speed  performance, 
demands  a  new  approach  to  cryptogra¬ 
phy  technologies.  The  in-line  approach 
creates  a  highly  manageable  SSL  solution 
that  achieves  performance  and  is  easy  to 
integrate  with  Web  server  NICs,  SSL  appli¬ 
ances  and  other  Layer  4-7  devices. 

Crouch  is  a  business  development  man¬ 
ager  for  Layer  N  Networks.  He  can  be 
reached  at  bcrouch@LayerN.com. 


Dr.  Internet 


By  Steve  Blass 


We  want  to  set  up  an  FTP  server  for  our  network  of 
15  PCs.  We  had  dynamic  IP  addresses  in  our  Cisco 
678  router.  Now  we  have  a  static  IP  address  on 
that  router  and  on  the  server.  DHCP  is  disabled  on 
the  router  and  enabled  on  the  server.  If  we  give 
static  IP  addresses  to  a  few  workstations,  they  can 
get  Internet  access,  but  there  are  not  enough  IP 
addresses  for  everyone  to  have  a  static  address. 
How  can  we  get  the  server  to  give  out  IP  addresses 
internally? 


Use  DHCP  services  from  your  server  or  your 
router  to  assign  IP  addresses  to  your  internal 
network  using  DHCP  configuration.  Give  the 
FTP  server  a  fixed  private  IP  address  in  your 
network  and  map  requests  for  your  fixed  public 
FTP  address  to  the  internal  address  using  net¬ 
work  address  translation  (NAT).  Establish  a  NAT 
entry  in  the  Cisco  678  using  the  “set  nat . . . " 
commands  of  the  Cisco  Broadband  Operating 
System.  Enable  NAT  with  the  “set  nat  enable" 


command.  Then  establish  the  NAT  mapping  for 
your  FTP  server  using  the  “set  nat  entry  add 
internal-IP  internal-PORT  external-IP  external- 
PORT  tcp."  A  link  to  a  configuration  guide  on 
setting  this  up  can  be  found  at  www.nwfusion. 
com,  DocFinder:  1536. 

Blass  is  a  network  architect  at  Change® 
Work  in  Houston.  He  can  be  reached  at 
dr.internet@changeatwork.com. 
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GEARHEAD 
INSIDE  THE 

NETWORK 

MACHINE 


Avid  readers  of  Network  World  that 
you  are,  we  are  certain  you  saw  in  a 
recent  issue  an  interesting  item 
titled  “Standard  may  bring  order  to 
e-mail  chaos”  (www.nwfusion.com,  Doc- 
Finder:  1525). 

The  standard  in  question  (which  is  tech¬ 
nically  a  “proposed  Internet  standard”)  is 
the  Internet  Engineering  Task  Forces  RFC 
3028:  Sieve:  A  Mail-Filtering  Language  (see 
www.nwfusion.com,  DocFinder:  1526). 

According  to  the  Sieve  home  page:“Sieve 
is  a  language  that  can  be  used  to  create  fil¬ 
ters  for  electronic  mail.  It  is  not  tied  to  any 
particular  operating  system  or  mail  archi¬ 
tecture.  It  requires  the  use  of  RFC  822-com- 
pliant  messages,  but  otherwise  should  gen¬ 
eralize  to  other  systems  that  meet  these  cri¬ 
teria”  (read  more  at  www.nwfusion.com, 
DocFinder:  1527). 

Sieve  is  a  descendent  of  an  earlier 
attempt  at  a  mail-filtering  system  called 
Flame,  an  extension  to  the  Andrew  Mail 
System  from  Carnegie  Mellon  University  As 


Mark 

Gibbs 


Full-kilter  filter 

Fame  scripts  were  written  in  Lisp,  this  was 
not  something  that  system  administrators 
could  get  excited  about,  and  in  1994  work 
on  Sieve  began. 

The  potential  power  of  Sieve  is  that  when 
implementations  become  commonplace 
we’ll  have  a  basic  filtering  system  that  is 
independent  of  any  vendor’s  bizarre  ideas 
of  rules  (or  whatever  they  choose  to  call 
their  filtering  system)  that  fails  to  work  reli¬ 
ably  and  is  only  barely  manageable  (and 
we  all  know  what  product  we’re  talking 
about  here,  don’t  we?). 

Moreover, Sieve  scripts  will  be  portable  so 
it’s  conceivable  that  your  e-mail  client  will 
routinely  download  updated  filters  from 
Internet  and  intranet  sources  so  common 
spam  messages  and  anything  else  undesir¬ 
able  can  be  efficiently  detected  and  dealt 
with  appropriately 

Again,  from  the  Sieve  home  page:  “The 
language  is  powerful  enough  to  be  useful, 
but  limited  in  power  in  order  to  allow  for  a 
safe  server-side  filtering  system.  The  inten¬ 
tion  is  to  make  it  impossible  for  users  to  do 
anything  more  complex  (and  dangerous) 
than  write  simple  mail  filters,  along  with 
facilitating  [graphical  user  interface] -based 
editors.  The  language  is  not  Turing-com¬ 
plete,  and  provides  no  way  to  write  a  loop 
or  a  function. Variables  are  not  provided.” 

So  what  we  have  in  the  RFC  is  a  specifi¬ 


cation  of  a  basic  scripting  system  and 
here’s  a  sample  script: 
if  header  [“From”]  contains  [“coyote”]  { 
forward  “acm@frobnitzm.edu”; 
}  else  if  header  “Subject”  contains 

“$$$”{ 

forward  “postmaster@frob- 

nitzm.edu”; 

}  else  { 

forward  “field@frobnitzm.edu”; 


If  the  header  contains  the  string  “coyote” 
the  message  is  forwarded  to  an  address. 
Otherwise,  if  the  subject  contains  “$$$”  (a 
common  string  found  in  spam  message 
subjects)  then  it  goes  to  a  different  address. 
Failing  either  of  those  tests,  the  message  is 
forwarded  to  yet  another  address.  See 
www.nwfusion.com,  DocFinder:  1528  for  a 
much  more  ambitious  example. 

The  RFC  is  quite  easy  to  understand  and 
we  recommend  you  read  it.  It  makes  the 
architecture  of  Sieve  quite  clear. 

But  it  will  take  some  time  for  Sieve  to 
become  commonplace  because  there  are 
lots  of  issues  that  are  yet  to  be  ironed  out. 
For  example,  how  can  you  prevent  scripts 
from  doing  bad  things?  Even  though  the 
language  doesn’t  support  loops  there  is  still 
the  possibility  for  all  sorts  of  hacks  that 
could  cause  problems  (for  example,  multi¬ 
ple  message  rejections  by  a  script  could 
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result  in  the  creation  of  a  mail  bomb). 

While  Sieve  is  obviously  a  potentially 
powerful  tool  on  the  client  side  it  is  really 
interesting  as  an  adjunct  to  an  IMAP  or 
SMTP  server.  Sieve  scripts  common  to  all 
users  can  automatically  examine  and 
manage  user  mailboxes,  reducing  work¬ 
station  overhead,  making  large-scale  dis¬ 
tribution  of  scripts  unnecessary  and 
ensuring  that  corporate  standards  are 
maintained  in  a  timely  fashion. 

There  are  only  a  few  Sieve  implementa¬ 
tions  available  (see  www.nwfusion.com, 
DocFinder:  1529)  but  we  suspect  that  oth¬ 
ers  will  appear  as  add-ons  to  existing  mail 
servers  in  short  order. 

A  client-side  implementation  (claimed  to 
be  the  first  to  market)  we  have  yet  to  try 
can  be  found  in  the  Mulberry  mail  client 
from  Cyrusoft  International  (www.nwfu 
sion.com,  DocFinder:  1530). 

If  you  are  desperate  to  try  a  server-side 
version,  check  out  the  Cyrus  mail  server 
(www.nwfusion.com,  DocFinder:  1531) 
from  Carnegie  Mellon  University’s  Com¬ 
puting  Services  Department.  This  server, 
which  runs  under  Unix,  supports  IMAR 
POP3  and  KPOP  along  with  a  Sieve 
implementation. 

Unfiltered  messages  to  gearhead@ 
gibbs.com. 


Cool  Too 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


If  you’ve  been  looking  for  a  way  to  secure  files,  either 
during  storage  or  transmission,  the  use  of  updated  com¬ 
pression  software  might  offer  some  help. 

We  recently  got  a  hold  of  PKWare’s  new  PKZIP  5.0  com¬ 
pression  software,  which  gives  users  the  ability  to  encrypt 
and  authenticate  the  files  they’re  compressing.  It  offers 
users  a  great  way  to  secure  files  they  want  to  send, 
whether  they  place  the  files  on  a  disk  or  send  them  over 
the  Internet. 

PKWare  developed  the  .ZIP  format  in  1989,  and  has  been 
one  of  the  leaders  in  the  compression  market.  Now,  with 
the  addition  of  strong  encryption,  it  wants  to  lead  file  com¬ 
pression  in  new  directions.The  new  software  will  come  in 
two  versions,  basic  (PKZIP  5.0  Standard  Edition)  and 
advanced  (PKZIP  5.0  Professional  Edition).  The  Standard 
Edition  allows  for  traditional  zipping  and  unzipping  and 
adds  basic  levels  of  security  by  adding  password  protec¬ 
tion  for  compressed  files. 

The  Professional  Edition  can  support  multiple  levels  of 
security  up  to  Triple-DES,  168-bit  encryption,  with  a  move¬ 
ment  toward  the  Advanced  Encryption  Standard. The  ad¬ 
vanced  version  also  provides  for  automated  compression, 
digital  signing  and  encryption  for  Microsoft  Outlook  users. 
PKWare  says  a  public-key  infrastructure  (PKI)  is  not  re¬ 
quired  to  realize  the  benefits  of  the  product. 

The  software  integrates  support  for  standard  X.509 
Version  3  digital  certificates  with  PKI  to  sign  and  encrypt 
the  compressed  files.  When  you  compress  a  file,  the  soft- 


Using  compression  to  encrypt  files 


ware  lets  you  choose  to 
assign  a  password  and/or 
digital  certificate  (if  avail¬ 
able)  to  encrypt  the  files. You 
also  can  choose  to  digitally 
sign  every  file  within  a  file 
archive. 

Files  created  with  PKZIP  5.0 
(even  password-protected 
ones)  can  be  opened  with 
other  compression  software, 
such  as  WinZIRso  users  don’t 
have  to  worry  about  recipients 
not  being  able  to  open  the 
files  (as  long  as  they  know  the 
password,  that  is). 

Another  benefit  can  be  the 
reduction  of  file  size  for  en¬ 
crypted  files.  When  you 
encrypt  a  file,  it  generally 
increases  the  file  size. 

Compressing  the  file  with 
PKZIP  before  encryption 
requires  less  storage  space 
than  noncompressed  encrypt¬ 
ed  files. This  saves  not  only  on  storage  space,  but  also  can 
reduce  the  amount  of  bandwidth  needed  for  transmitting 
the  encrypted  files. 

The  user  interface  should  be  familiar  to  users  of 
PKWare’s  older  versions  or  WinZIP  It  was  easy  to  create 
file  archives,  and  even  self-extracting  archives,  with  this 
software.  The  addition  of  security  features  did  not 
increase  the  complexity  of  using  the  software.  We  were 
impressed  with  the  user  interface  and  how  easy  we  could 


accomplish  the  tasks 
of  compressing  and 
decompressing  file 
archives.  The  software 
gave  us  the  choice  of  a 
“traditional"  or  wizard- 
based  interface,  which 
offers  users  different 
ways  of  approaching 
the  same  task. 

PKWare  is  looking  at 
some  vertical  markets, 
such  as  government 
and  healthcare,  that 
have  an  increased  need 
for  secure  file  storage 
and  transmission.  But 
the  software  can  bene¬ 
fit  regular  users  looking 
to  provide  more  securi¬ 
ty  for  the  files  they  store 
or  send.  Both  editions 
of  the  PKZIP  software 
are  available  for 
Windows  98,  ME,  NT  4.0, 
2000  and  XP  systems.  It  also  is  available  for  Unix  (Linux, 
HP-UX,  SPARC  Solaris,  IBM-AIX),  mainframe,  AS/400  and 
DOS  systems.The  Professional  Edition  is  available  now  via 
PKWare’s  Web  site  (www.pkware.com)  and  will  cost 
about  $50  (a  special  offer  for  $40  expires  around  Aug.  15). 
The  Standard  Edition  costs  $30  (with  a  special  offer  of  $25 
until  Aug.  15). 

Shaw  can  be  reached  at  kshaw@nww.com. 


PKZIP  users  can  secure  their  .ZIP  archives  with  passwords,  or 
by  using  specific  digital  certificates  to  encrypt  the  files. 
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Realize  your  potential. 


ProLiant  BL  e-Class  Servers 
Intel’  Pentium"  III  processors 


You're  a  visionary.  So  leave  the  endless  upgrades,  updates,  and  deployments 
to  someone  else,  while  you  concentrate  on  more  important  issues.  It's  possible 
with  Automated  Systems  Provisioning,  a  capability  of  ProLiant  server 
technologies  with  Intel®  Pentium®  III  and  Intel  Xeon™  processors.  ProLiant 
servers  running  ProLiant  Essentials  Rapid  Deployment  software  allow  you  to 
download  an  OS  or  application  upgrade  to  every  server  in  your  company 
quickly,  effortlessly,  and  even  remotely.  Which  means  deployments  that  used  to 
take  hours  can  be  completed  in  minutes.  Now,  there's  an  idea  with  potential. 


HP  can  help  you  plan,  implement,  and  manage  your  infrastructure  with 
scalable  service  and  support  solutions  for  every  product,  and  every  business. 


Visit  hp.com/go/proliant34  or  call  1.800.282.6672,  option  5, 
and  mention  code  TLZ  for  a  white  paper  on  adaptive  infrastructure 
and  a  free  trial  of  ProLiant  Essentials  software* 


pentium®/// 


©2002  Hewleft-Pockard  Company.  Intel,  the  Intel  Inside  Logo,  Xeon,  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ‘Workload  Management  Pack  and  Rapid  Deployment  Pack  only 
For  U  S.  customers  only.  20004IT 1/07/02 
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EDITORIAL 

John  Dix 

Riding  out  the 

WorldCom 

waves 


Although  pundits  point  out  that  WorldCom  is  asset 
rich  ($107  billion)  and  thus  likely  to  survive  bank¬ 
ruptcyentering  Chapter  1 1  is  a  triple  whammy  for 
the  already  shaky  telecom  community 
For  one,  companies  that  provide  products  and  services 
to  WorldCom  will  end  up  collecting  a  fraction  of  the 
money  they  are  owed,  which  might  be  catastrophic  for 
some  companies  already  teetering  on  the  edge. 

Adding  insult  to  injury, WorldCom  payments  made  in 
the  last  90  days  are  subject  to  review,  and  many  will  be 
recalled  under  a  complicated  bankruptcy  law  called 
preferences.This  means  some  suppliers  will  not  only 
have  to  kiss  outstanding  receivables  goodbye,  they’ll  also 
have  to  return  WorldCom  payments  for  products  deliv¬ 
ered/services  rendered. 

Topping  it  off,  WorldCom  is  in  such  dire  straits  it  is  fore¬ 
casting  capital  spending  in  2003  of  only  $2. 1  billion, 
down  from  $7.9  billion  in  2001  and  $1 1.4  billion  in  2000. 

Taken  together,  it’s  clear  the  filing  will  have  wide-ranging 
and  lasting  industry  consequences,  particularly  for  equip¬ 
ment  suppliers.  But  what  does  it  mean  for  customers? 

To  dispense  with  the  obvious:  WorldCom  cannot  lay  off 
28%  of  its  workforce  —  about  17,000  employees  —  with¬ 
out  degrading  service  levels.  Expect  shifts  in  account  per¬ 
sonnel,  installation  delays,  mistakes  and  problems. 

But  as  Gartner  points  out,  Chapter  1 1  doesn’t  invalidate 
customer  contracts.You  cannot  jump  ship  without  paying 
penalties  spelled  out  in  your  deal,  nor  is  that  necessary 
given  WorldCom  isn’t  going  to  dry  up  and  blow  away. 

Now  would  be  a  good  time  to  1)  pay  close  attention  to 
any  service-level  agreements  you  have,  and  2)  revisit  your 
diverse  routing  plans. 

Regarding  the  latter,  new  route  control  products  can  help 
ensure  you  are  getting  the  most  out  of  existing  multi¬ 
homed  Internet  links  and  even  let  you  use  services  like 
DSL  to  back  up  Internet  links  serving  smaller  branch 

offices. 

Gartner  offers  one  piece  of  counterintuitive  advice: 
“Enterprises  should  sign  contract  extensions  of  longer 
than  six  months  to  avoid  higher  month-to-month  pricing 
and  allow  reasonable  time  to  find  an  alternative.  When 
considering  contract  extensions  . . .  investigate  World- 
Corn’s  Customer  Satisfaction  and  Loyalty  Program  —  a 
series  of  renewal  incentives  offered  for  a  limited  time, 
including  a  low-risk, ‘easy  out’ six-month  extension.” 

While  WorldCom  says  it  has  no  plans  to  split  up  the 
company,  that  seems  inevitable.  We  would  expect  some¬ 
thing  along  the  lines  of  what  AT&T  is  going  through.  Plan 
accordingly 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


_ www.nwfusion.com 

opinions ! 


False  alarms 

Your  story  on  intrusion-detection  systems  was  excel¬ 
lent  (“Crying  wolf:  False  alarms  hide  attacks,” 
www.nwfusion.com,  DocFinder:  1435).  I  read  the 
whole  thing,  including  the  deployment  tips  and  glos¬ 
sary  Lots  of  good  info  there.  I  enjoyed  reading  this 
well-written  and  -researched  story. 

Tim  Bowen 
Product  manager 
Genuity 
Burlington,  Mass. 

Overall, “Crying  wolf:  False  alarms  hide  attacks”  is  a 
very  fair  story  Having  to  tune  out  “false  positives”  is  a 
headache  for  administrators,  but  a  necessary  evil. 

Snort  doesn’t  have  a  built-in  graphical  user  inter¬ 
face,  but  there  are  many  plug-in  interfaces  that  work 
well  with  it.  Snort  Snarf,  from  Silicon  Defense, 
extracts  data  from  the  Snort  databases  and  places  it 
in  a  GUI  interface  via  your  Web  browser. 

Jeff  Haynie 

Athens,  Ga. 

“Crying  wolf:  False  alarms  hide  attacks”  struck  a 
chord  with  many  security  professionals.  Of  particu¬ 
lar  interest  was  the  topic  of  false  alarms  generated 
by  IDS  products  when  put  “in  the  wild.” 

At  the  crux  of  this  debate  is  the  need  for  realistic 
testing  environments  and  evaluation  standards  for 
IDS  products.  IDS  sensors  are  almost  universally 
tuned  to  specific  operational  needs  to  maximize 
performance  and  minimize  false  alarms.  Test  envi¬ 
ronments  that  do  not  take  this  into  account  in  a  real¬ 
istic  manner  do  not  paint  an  accurate  picture  of 
actual  IDS  performance  in  a  real-world  setting. 

It  is  very  important  that  vendors,  customers  and 
reviewers  work  together  to  understand  how  IDS 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


products  are  actually  used  in  a  real-world  environ¬ 
ment  so  that  testing  better  reflects  day-to-day  perfor¬ 
mance  expectations.  Otherwise,  the  ability  to  tune 
an  IDS  becomes  lost  among  unrealistic  frequent 
false  alarms  raised  by  the  testing  process  itself  — 
even  though  tunability  is  a  key  differentiator  for  IDS 
customers  seeking  the  best  protection  and  value. 

Tim  McCormick 
Vice  president,  marketing 
Internet  Security  Systems 
Atlanta 

Editor's  reply:  We  fully  agree  that  IDSes  should  be 
appropriately  sized  and  tuned  to  the  networks  they 
monitor.  Prior  to  the  start  of  testing,  we  gave  all  par¬ 
ticipants  detailed  information  about  the  live  produc¬ 
tion  network  we  planned  to  use  so  they  would  send 
the  appropriate  products  for  the  network  environ¬ 
ment.  All  participants,  including  Nokia/ISS,  had  full 
knowledge  of  conditions  on  the  live  network  before, 
during  and  after  our  test.  As  the  story  details,  we  spent 
a  significant  amount  of  time  attempting  to  tune  these 
products  to  work  better  in  our  test  environment;  how¬ 
ever,  we  found  that  most  lacked  the  tools  that  let  a 
user  tune  them  in  a  useful  way. 

Changing  times 

Jeff  Kaplan’s  column  “Whom  can  you  trust?” 
(www.nwfusion.com,  DocFinder:  1523)  brings  up 
some  valid  points: “[Industry  analyst/research  firms 
and  venture  capitalists’]  bold  pronouncements  of 
revolutionary  changes  in  computing  and  communi¬ 
cations  also  encouraged  many  customers  to 
acquire  bleeding-edge  technologies  and  poorly  pro¬ 
visioned  services  that  failed  to  meet  their  real  busi¬ 
ness  needs."  The  old  adage  “Let  the  buyer  beware” 
comes  into  play  here,  but  rapid  change  makes  it  dif¬ 
ficult  to  make  an  informed  business  decision. 

Linda  Maksimik 
Fort  Washington,  Ph. 


www.nwfusion.com 
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TOTALLY  UNPLUGGED 

Ira  Brodsky 


i 


t  looked  like  wireless  data  would  succeed 
first  in  the  corporate  world.  A  growing  cor¬ 
porate  market  for  wireless  data  would  fuel 
a  steady  decline  in  prices, gradually  leading  to 
consumer  applications. 

There  is  now  evidence  that  consumer  ap¬ 
plications  of  wireless  data  will  take  off  first,  creating  unexpected  op¬ 
portunities  —  and  perhaps  problems  —  for  corporations. 

The  driving  force  behind  wireless  data  won’t  be  field  automation;  it 
will  be  entertainment  —  mobile  games, polyphonic  ring  tones  and  ani¬ 
mated  screen  savers.  At  first  glance,  mobile  games  might  look  like  a 
poor  substitute  for  PC  and  video  games.  But  mobile  games  offer  things 
PC  and  video  games  can’t.  Users  carry  mobile  devices  with  them  every¬ 
where,  and  packet-switched  wireless  data  offers  service  that  is  always 
on,  enabling  “persistent”  games  that  can  be  played  in  short  bursts  over 
a  period  of  days  or  even  weeks.  Wireless  networks  and  handsets  are 
also  being  upgraded  to  pinpoint  users’  current  locations,  enabling 
“massively  multiplayer”  games  that  take  place  on  the  streets. 

This  explosion  in  wireless  entertainment  creates  two  major  opportu¬ 
nities  for  companies  that  sell  to  consumers.  Mobile  games,  ring  tones 
and  screen  savers  are  powerful  brand  promotion  tools.  Contests,  one  of 
the  simplest  types  of  mobile  games,  can  double  as  a  market  research 
tool  for  polling  a  large  number  of  consumers  on  short  notice. 

Movie  studios  are  pouncing  on  mobile  entertainment  as  a  hip,  new 
marketing  channel.  What  better  way  to  promote  a  movie  than  to  let 


Games:  Wireless  killer  app? 


mobile  phone  owners  use  the  movies  theme  song  as  their  ring  tone? 

With  more  than  135  million  mobile  subscribers  in  the  U.S.,  mobile 
phones  are  a  relatively  unobtrusive  tool  for  conducting  market  re¬ 
search.  Companies  will  sign  up  with  mobile  operators  to  conduct  mar¬ 
ket  research  on  short  notice,  and  operators  will  oblige  them  by  sorting 
users  (with  their  permission)  by  location  and/or  demographics. 

The  growth  of  wireless  entertainment  also  poses  risks  for  corpora¬ 
tions.  New  mobile  phones  will  be  able  to  download  games.That  means 
they  also  will  be  able  to  download  viruses.There  have  been  reports  of 
mobile  phones  unwittingly  downloading  self-disabling  code. 

Today  there  are  two  major  software  development  environments  for 
mobile  games:  Qualcomm’s  Binary  Runtime  Environment  for  Wireless 
(BREW)  and  Sun’s  Java  2  Micro  Edition  (J2ME).  BREW  offers  a  con¬ 
trolled  environment  with  built-in  security  J2ME  is  a  more  open  envi¬ 
ronment,  though  security  is  optional.  Texas  Instruments’  Open  Multi- 
media  Applications  Platform  also  is  likely  to  become  a  factor  as  wire¬ 
less  services  expand  into  streaming  media. 

Just  when  we  thought  wireless  data  would  prosper  first  in  field  auto¬ 
mation,  a  back  door  has  been  thrown  wide  open.  Organizations  that 
rely  on  wireless  phones  must  start  worrying  about  denial-of-service 
attacks.  But  they  also  should  prepare  to  handle  requests  from  their  mar¬ 
keting  departments  to  leverage  this  powerful  new  medium. 


There  is  now 
evidence  that 
consumer  appli¬ 
cations  of  wire¬ 
less  data  will 
take  off  first. 


Brodsky  is  president  of  Datacomm  Research  of  Chesterfield,  Mo.  He 
can  be  reached  at  ibrodsky@datacommresearch.com. 


REALITY  CHECK 

Thomas  Nolle 


forldCom  isn’t  in  financial  trouble  be¬ 
cause  of  accounting  inventions.  The 
accounting  inventions  are  a  result  of 
WorldCom  being  in  financial  trouble,  and  the 
source  of  the  trouble  is  simple:  no  earnings 
growth. That  same  problem  will  ultimately  affect  Sprint  and  AT&T,  and 
left  unchecked,  it  will  destabilize  even  the  regional  Bell  operating  com¬ 
panies.  What  ails  earnings  is  lack  of  new  revenue,  for  WorldCom  and  the 
rest  of  our  industry. 

The  fastest  way  to  get  earnings  is  to  steal  revenue  from  competitors 
—  meaning  build  market  share.  This  doesn’t  require  that  consumers 
change  buying  patterns,  just  from  whom  they  buy  Just  recently  Verizon 
launched  long-distance  service  in  New  Jersey  and  we  immediately 
changed  our  carrier, and  so  will  others.The  communications  pie  in  the 
U.S.  might  not  get  bigger  in  the  last  half  of  this  year,  but  more  of  that  pie 
will  shift  to  the  RBOCs.lt  will  sweeten  their  bottom  line  and  encourage 
further  investment  in  infrastructure.  The  decline  of  the  interexchange 
carriers  will  boost  the  remaining  players  —  the  RBOCs. 

Still,  competing  for  service  revenue  eventually  will  lead  everyone  to 
ruin.  We  need  to  get  new  dollars  on  the  table, and  for  that  we  need  to 
look  to  the  Internet.  Not  to  the  “collapse  of  the  entire  telecommuni¬ 
cations  infrastructure  into  the  Internet  and  call  it  convergence”  the¬ 
ory  but  to  the  public  data  model  the  'Net  represents. That  model  has 
to  save  the  industry,  but  there  are  issues  in  making  it  happen. 

Issue  No.  1  is  broadband  deployment.  New  broad-based  applications 
of  nonvoice  service  clearly  require  faster  access  connections  for  con¬ 
sumers  and  small  businesses.  While  it’s  nice  that  the  Bush  administra¬ 
tion  is  backing  its  Federal  Communications  Commission  chairman  in 
an  orderly  change  of  broadband  policy  it  would  be  nicer  if  we  saw 
some  of  the  changes  in  our  lifetime.  The  threat  of  impending  FCC 
action  is  hampering  even  the  anemic  attempts  to  develop  non-RBOC 
broadband  service  options,  such  as  cable  modems  and  wireless,  but 
we  don’t  have  the  benefits  to  offset  these  competitive  losses  because 
we  don’t  have  a  final  FCC  ruling.  Let’s  get  with  it,  guys. 

Issue  No.  2  is  intellectual  property.  Do  you  want  to  work  for  free? 


Earnings  instead  of  inventions 


Chances  are,  actors  and  singers  are  equally  unenthusiastic  about  the 
idea.  Producing  records  or  movies,  or  writing  games  and  software,  is 
going  to  proceed  at  a  pace  determined  by  how  profitable  it  is  for  all 
those  involved. Free  distribution  of  the  stuff  doesn’t  create  profit,  and  so 
doesn’t  create  the  incentive  to  produce.  Broadband  hasn’t  taken  off 
even  where  it’s  available  in  large  part  because  we  can’t  create  unique 
broadband  value  for  the  Internet  consumer. The  reason  is  that  the  own¬ 
ers  of  the  media  content  are  concerned  about  wholesale  piracy  of  their 
work,  as  they  should  be.The  Internet  has  taken  copyright  violation  to 
new  heights. 

Issue  No.  3  is  technology  policy  at  the  highest  level.  It’s  clear  that  we 
are  hamstrung  today  by  the  inertia  of  our  old  voice-age  networking 
gear.  Tax  credits  might  encourage  broadband  deployment,  but  they 
won’t  address  the  larger  problems.  We  don’t  have  packet  infrastructure 
today;  we  don’t  have  packet  voice.  We  don’t  have  3G  wireless  univer¬ 
sally  deployed.  We  have  old  stuff  that  isn’t  fully  depreciated,  and  the 
remaining  cost  of  this  dinosaur  technology  impedes  its  replacement. 
We  need  to  look  at  tax  incentives  aimed  at  lessening  the  impact  of 
replacing  old  technology. 

Issue  No.  4  is  hype.Telecom  has  the  dubious  distinction  of  being  the 
investment  area  where  the  gap  between  what  was  widely  predicted 
and  what  has  actually  occurred  is  the  largest.  If  we  get  all  gaga  over 
every  half-baked  but  exciting  concept  that’s  presented,  we  create  a  cli¬ 
mate  where  “investors”  are  really  thinly  disguised  con  men  trying  to  per¬ 
petrate  a  pyramid  swindle  on  the  public  —  which  is  just  what  Enron 
and  WorldCom  look  like  to  many  A  climate  of  realistic  assessment  of 
new  options  is  critical  in  getting  stable  financing  to  make  those  options 
really  pan  out. 

We’re  going  to  have  accounting  fixes  in  the  coming  months,  and 
regulators  will  promise  that  something  like  WorldCom  won’t  happen 
again.  All  of  it  is  good  and  necessary,  but  without  revenue  relief,  no 
regulations  will  restore  confidence  in  this  industry 


We  need  to  get 
new  dollars  on 
the  table,  and  for 
that  we  need  to 
look  to  the 
Internet. 


Nolle  is  president  of  CIMI  Corp.,  a  technology  assessment  firm  in 
Voorhees,  N.J.  He  can  be  reached  at  tnolle@cimicorp.com. 


Tripwire  is  The  Data  Integrity  Assurance  Company 


Tripwire®  establishes  a  baseline  of  data  in  its  known 
good  state,  monitors  and  reports  any  changes  to 
that  baseline,  and  enables  rapid  discovery  and 
recovery  when  an  undesired  change  occurs. 

Foundation  for  Data  Security 

■  Ensure  the  integrity  of  your  data 

■  Instant  assessment  of  system  state,  reporting 
“integrity  drifts" 


Your  firewalls  and  intrusion  detection  tools  alone 
are  not  enough  to  keep  systems  trustworthy. 
Tripwire’s  data  integrity  assurance  products  are  the 
only  way  to  know  with  100%  confidence  that  your 
data  remains  uncompromised.  For  nearly  10  years 
Tripwire  has  been  helping  IT  professionals  know 
exactly  what’s  changed  on  their  systems,  and 
helping  them  to  recover  quickly. 
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Lower  Costs 

■  Find  and  fix  problems  quickly  and  precisely  - 
no  more  guess  work 
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ecurity,  according  to  Helen  Keller,  is  a  super- 
stition.  It’s  found  nowhere  in  nature,  but  we 
keep  trying  to  achieve  it,  and  there  are  many 
^  W  products  on  the  market  to  help  us.The  most 
common  —  firewalls  —  are  widely  installed 
and  continue  to  evolve  with  features  and  functionality 
But  firewalls,  posted  at  enterprise  network  portals 
to  limit  access  from  the  Internet,  are  only  part  of  a 
comprehensive  security  strategy.  They  don’t  provide 
protection  from  viruses  that  enter  through  e-mail 
servers,  for  example.  Nor  do  they  offer  protection 
against  individuals  downloading  or  e-mailing  con¬ 
tent  that  could  put  your  company  at  risk. 

To  address  these  security  risks,  you  can  look  at 
secure  content  management  (SCM)  devices,  such  as 
antivirus  and  content-filtering  products. 

According  to  IDC’s  recent  assessment  of  the  SCM 
market,  worldwide  revenue  in  this  segment 
reached  2  billion  in  2001,  representing  a  22% 
growth  rate  over  2000.  That  growth  was  because  of 
the  increasingly  sophisticated  techniques  that  are 
being  used  to  exploit  security  vulnerabilities. 
Forecasts  for  the  market  show  it  reaching  $4.8  bil¬ 
lion  in  2006  (see  graphic,  page  38). 

Network  World  Global  Test  Alliance  member 
Miercom  last  month  kicked  the  tires  of  six  antivirus 
products  and  six  content-filtering  devices  to  uncover 
vulnerabilities,  assess  features  and  determine  how  the 
products  can  be  best  deployed  in  corporate  networks. 

Overall,  the  products  we  examined  worked  well 
—  detecting  about  99.9%  of  the  viruses  we  threw 
at  them  and  blocking  access  to  designated  Web 
sites  almost  flawlessly. 

But  products  that  offered  the  most  extensive  security 
options  were  also  harder  to  configure  and  use.  We  also 
uncovered  some  subtle  vulnerabilities  that,  although 
not  showstoppers,  could  pose  some  security  risks. 


Ease  of  use  vs.  granularity  and  features 

Three  trends  were  clearly  evident  among  the  products 
we  examined  (see  online  product  chart  www.nwfusion. 
com,  DocFinder:  1432).  First, security  vendors  are  taking 


Questions  to  ask  when 
selecting  content 
security  products 

•  What  are  the  ease  of  use  vs.  depth  of  protection 
trade-offs? 

•  Can  you  schedule  virus  updates  to  occur  automatically 
during  off-peak  hours? 

•  How  much  bandwidth  do  these  virus  updates  consume? 

•  How  will  various  inline  security  products  work  together 
in  the  network?  Are  there  points  of  failure  that  will  be 
hard  to  isolate? 

•  How  does  the  vendor  keep  up  to  date  on  virus  definitions 
(through  in-house  resources  or  third  parties  such  as 
Trend  Micro,  Norman  Virus  Control  and  BitDefender)? 

•  How  will  you  keep  track  of  patches  for  known 
vulnerabilities  and  make  sure  they  are  distributed  around 
your  network? 

•  Where  is  the  best  place  to  deploy  antivirus  protection  in 
your  network  (on  clients,  servers  and/or  e-mail  gateways)? 

•  How  does  a  content-filter  vendor  track  and  update 
URL  lists? 

•  Does  the  content  filter  offer  you  the  ability  to  customize 
your  own  fitter  list3 

•  How  context-sensitive  is  the  content  fitter?  Will  it  block 
more  than  you  want? 


security 


Access  Protocol  and  POP3  traffic. 

Mitel's  SME  Server  is  a  network  appli:  r  orpo 

rating  SMTP  gateway  antivirus  protection  a  file  servt 
content  filter, Web  server,  FTP  server.  SMTi  ‘/POPS  mail 
server,  Lightweight  Dire  or  Ace 
Protocol  server  and  an  IP  Security 
VPN. 

CacheFlow’s  Security  Gateway  800 
was  unique, incorporating  content  fil¬ 
tering  into  its  Web  caching  and 
acceleration  appliance.The  product 
reduces  the  load  on  existing  firewalls 
by  absorbing  and  filtering  content 
from  Web  servers  by  protocol,  such 
as  HTTP  or  FTP  traffic,  file  type, such 
as  executables,  and  Multi-purpose 
Internet  Mail  Extensions.  It  also  sup¬ 
ports  third-party  virus  scanners. 

We  focused  on  the  antivirus  and 
content-filtering  capabilities  of 
these  products  and  did  not  examine 
their  other  capabilities. 


Antivirus  products 

Estimates  of  how  many  viruses  are 
generated  worldwide  on  a  weekly 
basis  vary  widely  —  from  hundreds 
to  thousands.The  truth  is  probably 
somewhere  in  between.  But  even  a 
hundred  new  viruses  per  week  is  a 
lot  to  keep  up  with,  and  no  antivirus 
product  will  catch  every  new  virus 
that  comes  along. 

Security  experts  disagree  as  to 
whether  it’s  even  necessary  for  anti- 


Can  antivirus  wares  and 
content  filters  beef  up 
your  protection? 
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the  ease  of  use  issue  seriously. 

N2H2’s  Sentian  FS/Rea  Hat  Linux  content-filter 
required  only  checking  boxes  to  select  blocked  sites. 
SurfControl’s  Web  Filter  and  E-mail  Filter  used  simple 
drag-and-drop  actions  to  define  security  rules. 

But  the  downside  to  ease  of  use  results  in  a  lack  of 
scalability  and  granularity. TTie  two  products  that  were 
more  time-consuming  to  implement,  Symantec’s  Norton 
Anti-Virus  Corporate  Edition  and  the  F-Secure  Anti-Virus 
for  Workstations/Servers,  also  offered  far  more  security 
options  and  flexibility  in  setting  and  defining  security 
rules.  Some  security  expertise  is  definitely  required  to 
work  with  these  products. 

The  third  trend  is  that  many  vendors  are  incorpo¬ 
rating  multiple  security  functions, such  as  antivirus, 
content-filtering  and  intrusion-detection  systems 
(IDS)  into  one  system. 

Fortinet’s  FortiGate-400  incorporates  firewall, VPN,  IDS, 
content  filtering  and  virus  scanning  for  Web  and  email 
onto  an  appliance  that  allows  real-time  in-line  scanning 
of  HTTRSimple  Mail  Transfer  Protocol,  Internet  Message 


virus  products  to  offer  protection 
against  a  large  number  of  known 
viruses,  especially  if  they’re  not 
widely  dispersed.  But  all  agree  that 
it’s  more  important  to  assess  and 
quickly  report  those,  such  as  the 
Klez  virus,  that  are  most  likely  to 
have  more  widespread  dispersion 
or  are  particularly  malicious.  Klez 
specifically  targets  Microsoft  mail 
products.  It  invades  users'  personal 
address  books,  mailing  viruses  to 
and  from  those  on  a  personal  mail¬ 
ing  list,  creating  a  chain  reaction 
that  spreads  rapidly. 

Some  antivirus  vendors  recom¬ 
mend  daily  updates  of  virus  signa¬ 
ture  databases.  All  antivirus  products 
we  examined  support  the  ability  to  schedule  updates 
to  occur  automatically  at  scheduled,  off-peak  times  to 
limit  the  affect  on  network  performance. 

Some  vendors,  including  GF1  Limited  and  F-Secure, 
support  more  than  one  antivirus  scanning  engine, 
offering  the  ability  to  multiply  the  user’s  chance  of 
catching  viruses  on  one  engine  that  could  be  missed 
on  another.  GFl’s  Mail  Security  supports  three  engines, 
which  scan  incoming  mail  sequentially.  Users  can 
change  the  order  of  the  scan  to  take  advantage  of  the 
efficiencies  of  one  engine  over  another. 

An  alternative  to  choosing  a  product  with  multiple 
engines  is  to  deploy  antivirus  products  from  different 
vendors  at  various  places  in  the  network,  with,  for  exam 
pie,  one  on  client  and  server  machines  and  another  on 
an  e-mail  gateway.  But  the  downside  is  no  central  man¬ 
agement  of  antivirus  resources.  Doing  this  also  could 
increase  bandwidth  usage  as  different  products  down 
load  multiple  sets  of  virus  signatures. 

Also  an  issue  with  antivirus  products  is  deddiu.' 
where  to  deploy  them.  Using  antivirus  software  or. 


•  rra-i  servers  prevents  viruses  from  get¬ 
ting  ■■■  server  and  client  machines. This 
reduces  the  number  of  alarms,  an  IT 
team  has  to  deal  with  because  the  viruses 
are  :  ocked  at  the  e-maii  gateway. 

Bui  laii-based  antivirus  products  won’t 
proven;  someone  from  introducing  viruses 
ind  ,  client  machine  through  an  infected 
end..  .  .Securing  an  email  gateway  also 
won';  protect  against  Web- boi  ne  viruses. 

Th?  WildList 

AI!  she  antivirus  products  detected  almost 
ali  our  virus  attacks,  which  consisted  of  four 
majoi  categories  of  viruses:  Web-borne 
sc  ript  viruses, Trojan  Horses,  worms  and 
legacy  viruses. The  object  of  our  testing  was 
to  launch  a  broad  set  of  viruses  against  the 
machines  to  look  for  common  vulnerabilities. 

Before  testing,  we  collected  viruses 
from  a  variety  of  sources,  including 
some  w-e  had  received  in  our  own  net¬ 
work  and  some  taken  from 
vx.netlux.org,  a  repository  of  virus 


Securing  your 
content 

Because  of  the  increasingly 
sophisticated  techniques  that 
are  being  used  to  exploit 
security  vulnerabilities,  IDC 
forecasts  that  worldwide 
revenue  of  secure 
management  software  will 
hit  $4.8  billion  by  2006. 


SOURCE:  IOC 
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CacheFlow's  Security  Gateway  800 
incorporates  content  filtering 
into  its  Web  caching  and 
acceleration 
appliance. 

< 


CacheFlow's  Security 
Gateway  800 


Fortinet's  FortiGate-400  incorporates  firewall, 
VPN,  IDS,  content  filtering  and  virus  scanning 
for  Web  and  e-mail  onto  an  appliance 
that  supports  inline  scanning  of 
HTTP,  SMTP,  IMAP  and 
POP3  traffic. 


Fortinet  FortiGate  400 

Symantec's 
Web  Security  soft¬ 
ware  supports  Dynamic 
Document  Review,  which  provides 
granular  context-sensitive  scanning  of  a 
Web  page  to  check  the  context  of  questionable 
words  that  might  otherwise  be  blocked  by  a 
content  filter.  This  prevents  blocking,  for 
example,  a  page  containing  refer¬ 
ences  to  "sex  education" 
or  "breast  cancer." 


Symantec's  Web  Security 


source  code  and 
executable  code. 

We  cross-refer¬ 
enced  our  test  viruses 
against  the  WildList 
(www.wildlist.org), a  reposi¬ 
tory  of  known  viruses,  devel¬ 
oped  in  1993. The  WildList  is  an 
industry  standard  against  which 
many  vendors  test  and  certify  their 
products.  Our  attack  list  incorporated 
about  20  selected  viruses.They 
included  Melissa,  Klez  H.,HTML 
Party,  Nimda.A,  CodeRed  A., 
EvilBot  and  LoveLetter. 

We  uncovered  only  a 
minor  vulnerability, 
and  in  doing  so 
stepped  into  a  war 
concerning  the  use  of 
legacy  and  variant  viruses  to 
test  antivirus  products. 

The  Sophos  Anti-Virus  and  Forti¬ 
net  FortiGate  400  products  did  not 
detect  a  legacy  virus  and  a  variant  of 
that  virus  we  ran,  while  the  F-Secure, 
GF1,  Mitel  and  Symantec  products 
did. 

Sophos,  Fortinet  and 
other  security  vendors 
base  their  known 
virus  signature 
databases  primarily 
on  those  listed  on  the 
WildList,  contending  that 
viruses  not  on  the  list 
(referred  to  as  “zoo”  viruses) 
pose  little  threat  (because  they’re 
old  or  were  not  widely  distributed)  to 
their  end  users. 

We  ran  a  variant  virus  to 
check  the  products’  pattern¬ 
matching  (or  heuristics) 
abilities.  In  a  variant 
virus  the  source 
code  of  a  known 


virus  is  slightly  modified,  only  enough 
to  let  it  slip  by  an  antivirus  filter.  Using 
heuristics,  an  antivirus  product  detects  a 
suspicious  pattern  in  the  code,  and  even 
though  it  might  not  be  able  to  name  it,  it 
flags  it.The  products  we  tested  all  sup¬ 
ported  this  feature  —  some,  such  as 
Symantec  and  F-Secure  —  to  a  more 
granular  level  than  others. 

The  argument  for  testing  against  the 
WildList  is  sound,  but  be  aware  that  there 
is  nothing  to  prevent  someone  from 
using  the  same  public  resources  to  cre¬ 
ate  and  launch  virus  attacks  based  on 
older  viruses  or  to  create  variants  of 
known  viruses. 

Content  filtering 

The  main  function  of  a  content  filter 
is  to  assess  the  top  sites  accessed 
within  the  network  and  block  access  to 
Web  sites  that  a  company  determines 
objectionable  (such  as 
pornography,  hate  orga¬ 
nizations  and  gambling) 
or  time-wasting  (shop¬ 
ping  sites,  sports  and 
entertainment). 

How  and  why  an  orga¬ 
nization  decides  to  use 
content-filtering  products 
shouldn’t  be  taken  lightly 
Issues  involving  the  rights 
of  the  individual  vs.  the 
company,  along  with 
other  legal  liabilities, 
surround  their  use. 

Companies  should  clearly 
define  why,  where,  when 
and  how  they  use  content 
filters  across  their  networks. 

To  test  the  products’  filtering  abili¬ 
ties,  we  first  perused  the  Internet  to 
create  a  list  of  Web  sites,  which  were 
divided  among  a  number  of  typically 
objectionable  categories,  including 


adult  content,  hacking,  shopping  and 
gambling  sites. 

Using  an  open  source  utility  called 
wget  that  downloads  an  entire  Web  site, 
we  created  a  script  that  downloaded  65 
Web  sites  on  our  "block"  list. We  then  had 
each  content-filtering  device  download 
all  the  items  on  our  list  to  determine 
which  were  blocked  and  which  weren’t. 

Overall,  the  products  performed  very 
well.  A  few  missed  one  site  or  another. 
Symantec’s  Web  Security  missed  one  adult 
site;  N2H2’s  Sentian  failed  to  filter  one 
pornography  site;  CacheFlow’s  Security 
Gateway  800  missed  one  gambling  site. 

We  also  checked  whether  it  was  possi¬ 
ble  to  circumvent  the  products’  content 
filters.To  test  this,  we  resolved  the  IP 
address  of  a  known  blocked  site  via  a 
ping  and  attempted  to  access  the  site 
by  entering  the  IP  address  in  a  Web 
browser  in  place  of  the  URL. 

We  gained  access  via  IP 
address  to  one  known 
blocked  site  that  used  load 
balancing  to  access  multi¬ 
ple  servers  and,  therefore, 
had  multiple  IP  addresses. 
Some  of  these  IP  addresses 
were  not  on  our  content-fil¬ 
ter  lists.  We  also  deter¬ 
mined  that  the  DNS  reverse- 
lookup  capability  on  the 
site  had  been  disabled,  pre¬ 
venting  us  from  resolving 
the  IP  address  to  the  URL, 
which  could  then  be  used 
by  the  content  filtering 
prods  checked  against  our 
filter  list. To  correct  this,  we 
created  an  additional  rule  on  our  con¬ 
tent  filters  to  block  sites  that  could  not 
be  resolved  to  a  URL. 

A  differentiating  factor  among  content 
filters  is  their  ability  to  filter  based  not  only 
See  Security,  page  41 
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Layering  your  security 

Read  about  three  other  products 
that  can  add  a  new  dimension  to 
your  overall  security  plan. 
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Microsoft  just  delivered  a  clear 
pricing  roadmap  for  your  future. 


The  signs  are  all  there.  Microsoft  wants  more  money  from  you.  And  they’ll  do  whatever  it  takes 
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Continued  from  page  38 

on  a  word  but  also  on  the  context  in 
which  a  word  is  used.  Symantec’s  Web 
Security  was  the  only  product  that  sup¬ 
ported  Dynamic  Document  Review;  which 
provides  granular  context-sensitive  scan¬ 
ning  of  a  Web  page  to  check  the  context 
of  questionable  words  that  might  other¬ 
wise  be  blocked  by  a  content  filter. This 
prevents  blocking,  for  example,  a  page 
containing  references  to  “sex  education” 
or  “breast  cancer.” 

The  content-filtering  products  were  all 
fairly  easy  to  integrate  into  our  network 
with  minimal  downtime.  We  plugged  the 
products  inline,  and  they  were  function¬ 
ing  in  less  than  1  minute.  Most  products 
also  easily  integrated  with  directories 
and  user  groups  that  already  were  set  up 
on  our  network. 

We  encountered  an  interesting  deploy¬ 
ment  issue  on  Surf  Control’s  Web  Filter. The 
product,  which  resides  between  client 
machines  and  the  Internet,  passively  cap¬ 
tures  traffic.  If  it  detects  a  user  trying  to 
access  a  blocked  site,  it  spoofs  the  blocked 
URL, sending  an  access  denied  message 
back  to  the  user. 

Because  of  the  specific  setup  required 
on  the  Web  Filter  product,  letting  it 
capture  and  transmit  data  on  the  net¬ 
work,  we  could  not  use  the  device  on 
our  Extreme  Summit  48  switch,  which 
supports  only  receive  transmission  on 
its  mirroring  port.  (We  connected  Web 
Filter  to  a  hub.)  Presumably,  Web  Filter 
would  have  worked  on  a  switch  that 
supported  transmit  and  receive  traffic 
on  its  port  mirror. 

While  we  typically  think  of  content  filter¬ 
ing  in  the  context  of  blocking  access  to 
Web  sites,  it  is  also  applicable  to  content 
leaving  and  entering  a  corporate  network 
via  email. 

SurfControl  offers  a  product  called 
E-mail  Filter,  which  supports  filtering  and 
routing  of  email  based  on  a  variety  of  rule 
sets.  E-mail  that  doesn’t  match  the  rules 
invokes  triggers  that  isolate,  discard,  allow 
or  delay  it. 

The  SurfControl  E-Mail  Filter  we  examined 
didn’t  support  the  capability  of  filtering 
internal  email,  but  the  vendor  offers  a  ver¬ 
sion  of  E-mail  Filter  that  integrates  into 
Microsoft  Exchange  and  lets  you  scan 
incoming  and  outgoing  internal  mail. 

One  vulnerability  on  all  the  content  filter¬ 
ing  products  is  that  there  was  nothing  to 
prevent  someone  whose  computer  is 
blocked  from  accessing  a  certain  site  from 


Global  Test  Alliance 


■  Miercom  is  a  member  of  the  Network 
World  Global  Test  Alliance,  a  cooperative  of 
the  premier  reviewers  in  the  network  in¬ 
dustry,  each  bringing  to  bear  years  of 
practical  experience  on  every  review.  For 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 


using  another  person’s  computer  to  access 
those  sites  if  that  PC  was  not  properly 
locked  down. 

The  human  factor 

While  content  filters  and  antivirus 
products  might  play  a  key  role  in  a 
company’s  overall  security,  it’s  also 
important  to  determine  how  people 


can  circumvent  even  the  best-laid 
security  plans. 

All  the  security  products  in  the 
world  won’t  protect  a  network  against 
user  error,  lack  of  training  on  security 
procedures,  improper  configuration, 
incorrect  use  of  passwords  or  mali¬ 
cious  intent  from  within. 

Humans  have  a  knack  for  figuring  out 


how  to  circumvent  security  devices,  and 
many  also  like  the  challenge. 

Yocom  is  senior  editor  and  Frigo  and  Van 
Derveer  are  test  engineers  at  Miercom,  an 
independent  testing  lab  in  Princeton 
Junction,  N.J.  They  can  be  reached  at 
byocom@mier.com;  mfrigo@mier.com ;  and 
dvanderveer@mier.com. 


Get  Real! 

Proper  email  content  security  requires: 

Q  Multiple  virus  engines 

Don't  depend  on  one  engine  only 

H  Email  content  &  attachment  checking 

Quarantine  dangerous  emails 

H  Exploit  shield 

Email  intrusion  detection  &  defence 

□  Email  threats  engine 

Analyses  &  defuses  HTML  scripts,  exe  files  &  more 

GFiMailSecurity 

Anti-virus,  email  content  checking,  exploit  detection  &  threats  analysis. 
Available  for  Microsoft  Exchange  Server,  Lotus  Notes  or  SMTP  mail  servers. 


Download  your  FREE  trial  today  at  www.gfi.com/nww 


Exchange  Server  is  a  trademark  of  Microsoft  Corp.  GFI  MailSecurity  is  a  trademark  of  GFI  Software  Ltd 


sales@gfi.com  |  Tel:  +1  888  2GFIFAX  |  Fax:  +1  (919)  388-5621  |  www.gfi.com 


Still  think 
1  anti-virus 
for  your 
mail  server 
is  enough? 
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M  Is  your  ISP  measuring  up? 
F;nd  out  with  ourTop  ISP  Re¬ 
port,  a  joint  venture  between 
Network  World  and  eTesting 
Labs’  Internet  BenchMark 
service  (www.etestinglabs 
.com).  The  data  here  is  for 
June  2002;  each  month  you 
can  go  online  at  Network 
World  Fusion  for  the  latest 
data. 

The  chart  at  right  shows  you 
the  top  dial-up  ISPs  in  the 
market  and  how  they  per¬ 
formed  in  eight  metrics,  as 
determined  by  eTesting  Labs’ 
Internet  BenchMark  data.  We 
analyzed  20  ISPs.  If  your  ISP 
isn’t  listed  among  the  top 
performers,  ask  it  why  it’s  not 
performing  as  well  as  its 
competitors. 


Top  ISPs  profile, 

June  2002 

Network  World  analysis 

National  retail 

AT&T  WorldNet  •  Clear  winner; 
still  a  class  above  others  in 
this  space. 

Regional  retail 

BellSouth  •  Strong  showing  with 
top  spots  in  five  out  of  nine 
categories  tested. 

Business-to-business 

AT&T  (BIS)  •  Strong  contender 
in  a  weakening  market. 


How  we  did  it 

Our  data  comes  from  oTesiifig  Labs 
and  its  Internet  BenchMark  division. 
.Network  Wodd  takes  the  data  and 
applies  statistical  analysis  to  rate  the , 
relative  performance  of  each  ISP  com¬ 
pared  with  the  other  ISPs  within  the 
'^;fine  market  classification  (national, 
regional  tie  business-le  business  ISP). 
■;y  Based'on  rliat  analysis,  wo  rank  the  lop 
K-y.lSPs  tor  tfie  imiiilli  listed.  The  chart  on 
H;  '  (hr  right  lists  the  ISPs  that  perfunn 
|g  ’^6ovc  average  tor  ttw  jitpiiw:  listed 
■j/rnHW  that  cfa«iilb4K)g, 


The  Top  ISP  Report 

How  is  your  dial-up  ISP  performing? 


Online! 

A  complete  REPORT  and  list  of  ISPs  tested.  ■  ARCHIVE  of  our  previous  monthly  reports. 


www.nwfusion.com 


June  2002 


National  ISPs 

Regional  ISPs 

B2B  ISPs 

Initial  modem  speed  ■ 

Rroadwing 

BellSouth 

AT&T  (BIS) 

Measurement  of  the  negotiated  connection  speed  to  your 

AT&T 

Verizon-East 

XO 

ISP  once  the  call  has  successfully  gone  through. 

Qwest 

McLeodUSA 

Average  for  market; 

49.37K  bit/sec 

49.06K  bit/sec 

49.13K  bit/sec 

Average  time  to  log  on  ■ 

AT&T 

SBC  Southwestern  Bell 

AT&T  (BIS) 

Reflects  the  time  taken  to  connect  and  authenticate  to  a 

Rroadwing 

BellSouth 

McLeodUSA 

provider  network  access  server  once  the  modem  takes  the 

EarthLink 

tine  off-hook. 

Average  for  market: 

29.61  seconds 

29.4  seconds 

29.96  seconds 

Average  download  time  ■ 

A0L 

Verizon-East 

AT&T  (BIS) 

The  time  taken  for  the  Web  page  to  download,  including 

CompuServe 

BellSouth 

McLeodUSA 

all  page  content.  Calculated  by  measuring  the  time  from 

Broadwing 

SBC  Ameritech 

the  first  HTTP  TCP  packet  being  sent  to  the  server  until 

the  last  HTTP  TCP  connection  has  terminated. 

Average  for  market; 

28.19  seconds 

30.55  seconds 

29.89  seconds 

Average  DNS  lookup  ■ 

AT&T 

SBC  Southwestern  Bell 

AT&T  (BIS) 

The  time  from  sending  the  first  DNS  query  until  a  response 

EarthLink 

SBC  PacBell 

WorldCom 

is  received  from  any  query  This  reflects  the  end-user  per- 

Prodigy 

SBC  Ameritech 

Genuity 

ception  of  the  DNS  resolution  time,  including  retries. 

Average  for  market: 

344.77  msec 

303.88  msec 

431.57  msec 

Average  Web  throughput  ■ 

Broadwing 

Verizon-East 

McLeodUSA 

The  effective  transfer  rate  of  the  connection.The  average  of 

AT&T 

BellSouth 

AT&T  (BIS) 

these  Web  throughput  measurements  is  presented  in  the 

Prodigy 

SBC  Southwestern  Bell 

reports.Throughput  does  not  necessarily  reflect  the  band- 

width  of  the  connection,  but  rather  the  effective  Web 

throughput  experienced  using  a  connection. 

Average  for  market: 

5.14K  byte/sec 

5.31K  byte/sec 

5.39K  byte/sec 

Evening-hour  call  failure  rate  ■ 

AT&T 

BellSouth 

AT&T  (BIS) 

How  often  a  modem  call  to  the  provider  gets  through  sue- 

Juno/MSN/ 

Qwest 

McLeodUSA 

cessfully  during  evening  hours.  A  failure  would  include  a 

Prodigy  (tie) 

Verizon-East 

WorldCom 

busy  signal,  ring  no  answer,  modem  problem  or  logon 

i 

r 

failure.The  lower  the  CFR.the  better. 

f 

[ 

Average  for  market: 

1.9% 

2.6% 

2.5% 

Business-hour  call  failure  rate  ■ 

AT&T 

BellSouth 

AT&T  (BIS) 

How  often  a  modem  call  to  the  provider  gets  through  sue- 

Juno 

Qwest 

McLeodUSA 

cessfully  during  weekday  business  hours.  A  failure  would 

MSN 

SBC  Southwestern  Bell/ 

XO 

include  a  busy  signal,  ring  no  answer,  modem  problem  or 

V 

Verizon-East  (tie) 

1 

I 

logon  failure.The  lower  the  CFR.the  better. 

f 

f 

Average  for  market: 

2.4% 

f 

3.1% 

Average  total  Web  fail/timeout  9 

AT&T/A0L  (tie) 

BellSouth 

AT&T  (BIS) 

Any  error  message  that  appears  as  a  dialog  box  for  the 

EarthLink/Prodigy  (tie) 

Verizon-East 

Internet  Explorer  browser  is  considered  a  Web  page 

SBC  Ameritech 

failure.  Any  download  that  takes  longer  than  4  minutes 

1 

to  complete  is  canceled  and  considered  a  Web  page 

timeout.  A  low  percentage  is  considered  better. 

‘  *  r\ 

Average  for  market: 

0.6% 

0.6% 

0.5% 

100%  Dell  performance  and  reliability. 
Up  to  50%  less  than  the  competition 
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PowerConnect  Switches.. .100%  no-brainer. 


ML  PowerConnect  S0 12 
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Right  now,  get  $100  off  Dell’s 

NEW  48  Port  PowerConnect  Switches. 

tTI  1 

it-  ■ — ■ 

Dell  |  Managed  Switches 

PowerConnect™  3024*  Switch 

PowerConnect™  5012*  Switch 

Scalable,  High-Performance  Managed  Switches 

•  24  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Up  to  1 2.8  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  (Supports  up  to  144  FE  Ports  in  a  Stack) 

•  3-Yr  Next  Business  Day  Parts  Replacement52 

High-Performance  All-Gigabit  Managed  Switches 

•  10  Built-In  Copper  Gigabit  Ports  Plus  2  GBIC  Slots 

•  Up  to  24  Gbps  of  Wire-Speed  Switching  Capacity 

•  Remote  Access  and  Management  Capabilities 

•  3-Yr  Next  Business  Day  Parts  Replacement52 

as  low  as  $20/mo..  (46  pruts:")  60  Days 
Same-As-Cash  for  qualified  customers 

U«lw  E-VALUE  Code:  12791-S10706 

A  m  as  low  as  $37/mo.,  (46  pmts")  60  Days 

|  Same-As-Cash  for  qualified  customers 

ILJJ  E-VALUE  Code:  1 2791  -  si  071 2a 

PowerConnect™  3048*  Switch 

PowerConnect™  3248*  Switch 

Rack-Dense,  High-Performance  Managed  Switches 

•  48  Fast  Ethernet  Ports  Plus  4  Built-In  Gigabit  Uplinks 

•  Up  to  21.6  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  (Supports  up  to  144  FE  Ports  in  a  Stack) 

•  3-Yr  Next  Business  Day  Parts  Replacement52 

•  Sale  Price  Includes  $100  Discount 

High-Performance  Enterprise  Class  Managed  Switches 

•  48  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Multi-Layer  Traffic  Classification  at  layers  2, 3,  and  4 

•  Advanced  Management  via  Browser  or  Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Parts  Replacement52 

•  Sale  Price  Includes  $100  Discount 

as  low  as  $34/mo..  (46  pints’0)  60  Days 
dl  J U U  Same-As-Cash  for  qualified  customers 

Iv  W  E-VALUE  Code:  12791-s10712b 

f\  f  \  as  low  as  $40/mo..  (46  pints’0)  60  Days 
«vl%J  Same-As-Cash  for  qualified  customers 

IJJv  E-VALUE  Code:  12791-S10714 

Managed  switches  you  can 
count  on  to  do  more  than  just  save  money.  Just  what  you'd  expect  from  Dell, 
proven  technology  that  cuts  costs.  So  whether  you're  building  your  first  network 
or  expanding  your  existing  one,  Dell  PowerConnect  managed  switches  can 
handle  your  busy  organization  and  help  you  save  money.  Equipped  with 
the  latest  industry-standard  technology,  PowerConnect  switches  are  highly 
interoperable  and  easily  integrate  into  an  existing  network.  They're  scalable  for 
future  growth  and  have  easy-to-use  management  features  to  help  you  improve 
network  up-time  and  security.  PowerConnect  switches  include  Next  Business 
Day52  Parts  Replacement  and,  of  course,  they're  all  backed  with  Dell's  service  and 
support.  Choosing  Dell  PowerConnect  switches  means  you  won't  have  to  sacrifice 
performance  for  price.  And  that's  a  concept  you'll  definitely  want  to  plug  into. 


G 

USE  THE  POWER  OF 
THE  E-VALUE  CODE. 

Match  our  latest  technology 
with  our  latest  prices.  Enter  the 

m 

E-VALUE  code  online  or  give  it 

VALUE 

to  your  sales  rep  over  the 
phone  www  dell  com/evalue 

n&i  r 

Growing  your  network.  Easy  as 

Visit  www.dell.com/switch  or  call  toll  free  1-800-847-4029 


Call:  M-F  7a  9p|Sat  8a  5p  CT. 

Pricing,  specifications,  availability,  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  chatges  extia.  and  vary  LIMIT  5  DISCOUNTED  OR  PROMOTIONAL  ITEMS  PER  CUSTOMER.  In  case  of  customers  leasing  under  these  promotions,  please  note  that  items  leased  will  be  subiect  to  applicable 
end-of-lease  options  or  requirements  Dell  cannot  be  responsible  for  errors  in  typography  or  photography 

'This  device  has  nol  been  approved  by  the  Federal  Communications  Commission  lot  use  in  a  residential  environment  This  device  is  not.  and  may  not  be.  offeied  for  sale  or  loase.  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  (he  FCC  has  been  obtained 

‘Monthly  payment  based  on  48-month  Quickloan  at  12  99%  interest  rale  for  qualified  Small  Business  customers  Yout  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  Minimum  transaction  site  of  $500  required  Maximum  aggregate  financed  •  >  v 
$25,000  Undei  60  Days  Same  As  Cash  QuickLoan.  interest  accrues  during  first  60  days  after  QuickLoan  Commencement  Date  (which  Is  five  days  after  product  ships]  if  balance  nol  paid  within  these  60  days.  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETEPMIN£D  BY  LENOtfl  b>< 
shipping  charges  are  extra  and  may  vary  Nol  valid  on  past  orders  or  financing.  QuicLLoan  ananged  by  CIT  OnLme  Bank  to  Small  Business  customers  with  approved  credit  ‘'Service  or  replacement  unit  (depending  on  service  contract)  may  be  provided  by  tlurd-p8rty  provider  10010111,00  or  rern.i  emeu:  c w  ■ 
dispatched  if  necessary  following  phone-based  troubleshooting  To  receive  next  business  day  service.  Dell  must  notify  the  service  provider  before  5pm  (depending  on  service  contract)  customer  time  Availability  vanes  Dell,  the  stylited  E  logo.  E-VALUE,  and  PowerConnect  are  trade-narks  Y  0r>  1 

Corporation  £>2002  Dell  Computer  Corporation  All  rights  reserved 


Pop  quiz 

Answer  these  questions  to  find  out  how  well  your  network  performs. 


Score  yourself 

Every  A  counts  for  three  points; 
every  B  counts  for  two  points;  and 
every  C  counts  for  one  point.  If  your 
score  equals: 


■  BY  JEFF  DREW,  SHAD  PETERSON  AND  AARON  MEYERS 

What  is  network  performance?  Latency,  throughput,  availability  or 
utilization?  The  correct  answer  is  all  of  the  above. 

Optimizing  network  performance  involves  making  selective  use 
of  more  advanced  functionality,  but  not  adding  so  much  com¬ 
plexity  that  the  network  is  unmanageable.  It  means  making  your 
network  infrastructure  more  application  aware.  Consulting  firm 
Greenwich  Technology  Partners  developed  this  quiz  to  help  you 
assess  the  health  of  your  network. 


1.  What  is  the  maximum  number  of 
router  hops  in  your  network? 

a.  Less  than  three. 

b.  More  than  three,  less  than  five. 

c.  More  than  five. 

2.  What  is  the  maximum  latency  on  the 
North  American  portion  of  the  WAN? 

a.  Less  than  60  msec. 

b.  Less  than  100  msec. 

c.  Less  than  120  msec. 

3.  How  much  jitter  occurs  on  your 
network? 

a.  20  msec  or  less. 

b. 40  msec  or  less. 

c.  80  msec  or  less. 

4.  What  is  the  difference  between  your 
peak  and  off-peak  response  time? 

a.  Less  than  20%  of  the  low-hour 
response  time. 

b.  Less  than  40%  of  the  low-hour 
response  time. 

c.  Less  than  100%  of  the  low-hour 
response  time. 

5  How  often  do  network  outages 
isolate  remote  sites? 

a.  Never. 

b. Once  a  year. 

c.  Monthly 

Do  you  make  routing  decisions  based 
on  application  protocols  above  the  IP 
protocol  layer  (multicast  user  ID)? 

a.  Only  at  our  Internet  gateway 

b.  Between  regions. 

c.  At  every  kind  of  routing  layer  we  can. 


7.  What's  the  best  way  to  improve  your 
network?  It  needs  to  be  more: 

a. Flexible. 

b.  Scalable. 

c.  Modular. 

8.  Do  your  remote  users  experience  the 
same  application  performance  that 
your  central  office  users  experience? 

a. Yes. 

b.  For  the  most  part. 

c.  Not  at  all. 

9.  What's  your  packet  drop  rate? 

a. 1%. 

b. 2%. 

c. 3%. 

10.  Do  you  trade  off  lower  transmission 
speeds  than  you  need  to  reduce 
bandwidth  costs? 

a.  Absolutely 

b.  Sometimes. 

c.  Never. 

11.  How  often  do  users  experience  time 
outs  within  the  corporate  LAN? 

a.  Occasionally 

b.  Rarely. 

c.  Never. 

12.  What  is  the  peak  sustained  pro¬ 
cessor  utilization  on  your  core 
routers? 

a.  Less  than  25%. 

b. 25%  to  50%. 

c.  Greater  than  50%. 

13.  What  is  the  peak  sustained  pro¬ 


cessor  utilization  on  your  edge 
routers? 

a.  Less  than  25%. 

b. 25%  to  50%. 

c.  Greater  than  50%. 

14.  What  is  the  target  bandwidth 
utilization  on  your  WAN  links? 

a.  Less  than  25%. 

b. 25%  to  50%. 

c.  Greater  than  50%. 


20  to  33  -  Slow  network:  You  have  to 
improve  your  network  per¬ 
formance  with  reengineer¬ 
ing  and  process  structur¬ 
ing.  An  application-aware 
infrastructure  assessment 
can  assist  in  this  effort.This 
approach  reviews  current  application 
profiles,  traffic  profiles  and  existing 
infrastructures  to  develop  an  approach 
to  remedy  all  performance  problems. 

34  to  51  -  Acceptable  performance: 


15.  How  often  do  you  exceed  your 
target  bandwidth  utilization? 

a.  More  than  an  hour  per  day 

b.  Less  than  an  hour  per  day 

c.  An  hour  or  less  per  week. 

16.  Does  adding  server  processing 
capacity  boost  application  perfor¬ 
mance  for  end  users? 

a.  Always. 

b.  Often. 

c.  Only  occasionally 

17.  Does  your  help  desk  receive  more 
“application  not  available"  than 
“server  not  available”  reports? 

a.  Every  day 

b.  Now  and  again. 

c.  Never. 

18.  Does  your  network  support  protocols 
other  than  IP  (SNA.  IPX,  DLSW)? 

a.  No. 


You  should  examine  improved 
performance  and  network  failure 
tools  such  as  synthetic  transac¬ 
tion  monitors  or  high-volume 
transaction  monitors  that  pro¬ 
vide  insight  into  rare  slow 
transactions. 

You  also  might  benefit 
from  one  or  more  of  the  fol¬ 
lowing  network  performance 
approaches  that: 

•  Define  the  target  for  quality  of  ser¬ 
vice  (QoS)  and  translate  these  service- 
level  agreement  targets  into  specific 
rules  for  network  behavior. 

•  Enable  QoS  for  the  corporate  infra¬ 
structure. 

•  Work  to  define  the  tool  sets  that 
will  enforce  the  QoS  policies. 

•  Classify  the  performance  metrics 
required  for  mission-critical  traffic. 

•  Develop  a  complete,  end-to-end 
QoS  model. 


b. Less  than  10  %  of  total  traffic. 

c. More  than  10%,  less  than  50% 
of  traffic. 

19.  Does  your  network  provide  the 
same  performance  levels 
across  primary  and  redundant 
circuits  and  architecture? 

a. Yes. 

b.  No,  but  it  should. 

c.  No,  and  doesn’t  need  to. 


52  to  60  -  Fast  network:  Your  net- 
/W\  work  has  great  perfor- 

mance  consistently. You’ll 
need  to  capacity  plan  and 
baseline  new  applications 
such  as  VoIP  and  video  to 
keep  up  this  performance. 
Perhaps  you  should  investigate 
data  engineering  considerations  such 
as  using  MPLS  for  convergence. 


20.  What  is  the  primary  reason  you'd 
implement  quality  of  service? 

a.  Manage  existing  performance 
affecting  traffic  congestion. 

b.  Avoid  possible  performance 
impacting  traffic  congestion. 

c.  Develop  service  application 
offerings  around  traffic  shaping. 


Drew  is  practice  director  of  application 
and  systems  performance,  Peterson  is 
practice  director  of  internetworking,  and 
Meyers  is  director  of  strategic  operations 
for  Greenwich  Technology  Partners,  a 
leading  network  infrastructure  consult¬ 
ing  and  engineering  firm.  They  can  be 
reached  at  jdrew@greenwichtech.com. 

(.LUSTRATION.  DAVID  GOLD* 


You  asked  for  a  KVM  switch  that  could  do  more.  We  delivered. 

The  Avocent  DS  Series  combines  analog  and  KVM  over  IP™  connectivity  to  give  you 
access  to  your  servers  from  any  location  you  choose.  Our  DS  Series  gives  you  much 
more  than  just  control  of  your  servers.  Now  you  can  use  the  power  of  IP  to  control 
servers,  routers,  firewalls  and  power  devices  -  all  from  a  single  screen!  Plus,  CAT  5 
connections  simplify  installation,  and  our  IP  architecture  makes  adding  servers  as 
easy  as  point  and  click. 

To  learn  how  Avocent  can  deliver  for  you,  download  a  free  KVM  Tech 
Guide  today  at  www.kvmguide.com  and  see  how  much  more  Avocent's 
DS  Series  can  do. 

Avocent.  the  Avocent  logo, "The  Power  of  Being  There",  'KVM  over  IP'  and  DSView  are  trademarks  of  Avocent  Corporation.  All  other  marks  are 
the  property  of  their  respective  owners  Copyright  c  2002  Avocent  Corporation. 


DSView  gives  you  "Click  and  Connect" 
access  and  control  of  all  the  KVM  and  serial 
devices  in  your  data  center. 


Avocent 

The  Power  of  Being  There 


mnibusmunr^j 


Request  for  your  FREE  CAS  booklet  at 


ww.cyclades.com /nw 

1-888-CYCLADES  1-888-292-5233 
510-770-9727 
sales@cyclades.com 
Fremont,  CA 


CYCLkDES 


CONNECTIVITY 


The  Cydades-TS  Series  of  Console  Access  Servers  provides  the  highest  port  density  and  security 
at  a  very  competitive  price.  By  using  Linux  as  the  embedded  OS,  it  offers  the  flexibility 
required  to  manage  our  dynamic  environment.  The  Cydades-TS  is  a  key  element  to  help 
us  keep  our  servers  up  and  running."  -  Pete  Kumler,  Manager  of  Site  Operations,  Yahoo!  Inc. 


Cydades-TS  Series 

Console  Access  Server 


IP  Filtering,  RADIUS,  and  Secure 

W '  “  ,.sV 

Linux,  FreeBSD,  Sun,  HP,  andlBli 


LINUX 


1/4/8/16/32/48  RS-232  pc 

tffc  on  1 U  oi  M 

i 

1  *  «  q  'Yxhooi  e  «  « 

\  .'rr.  '™****'m*.  \  m 

First  Linux-based  Terminal 

vovibs  on  iimi 

©2002  Cydodes  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  are  property  of  thier  respective  owners.  Product  information  subject  to  change  without  notice. 


WHAT  DO 


^  Princeton  University _ 

0  The  US  Treasury  Department _ 

^  The  Democratic  National  Committee 

^  Blue  Cross  Blue  Shield _ 


have  in  common? 


They  all  chose  FAST  LINKS  to  handle 
their  needs  for  wireless  WAN  connectivity. 


Call  FASTLINKS  today 
and  see  what  sets  them  apart 
from  others  in  the  field  of 
wireless  integration. 

FASTLINKS 


www.wirelesswans.com 
(877)  877-0176  toll  free 


If  you're  responsible  for  safeguarding  your 
organization's  intellectual  assets  and  enterprise 
networks,  SilentRunner  is  your  next  step  in 
security  technology.  Our  patented  Network 
Securin'  Analysis  products  provide  you  the  abil¬ 
ity  to  cost-effectively  safeguard  your  electronic 
property  by  correlating  remote  and  internal 
communications  and  data  into  critical  decision¬ 
making  information. 

SilentRunner's  state-of-the-art  visualization 
technology  further  empowers  organizations  to 
solve  complex  problems  by  expediting  network 
security  and  network  management  decision¬ 
making  efforts. 


Information  Rules.  Protect  Yours. 

For  your  free  "Risk  Management 
&  Security"  White  Paper,  visit 
www.silentrunner.com,  or  call  \  ^ 

800-842-2366  ext  2  today.  \  ^ 


SilentRunner 

www.silentrunner.  com 

849  International  Drive  •  Linthicum,  Md  21090  •  81X484 2-2 566 


2001 
KVM  Access 
over  IP 


1999 
KVM  Access 
over  Cat5 


KVM  Access 
Over 

Web  Browser 

If  having  remote  access  to 
your  servers  over  IP  means 
installing  proprietary  software 
or  PCI  cards,  that's  not 
convenient,  anywhere,  anytime 
access.  Introducing  the  new, 
multi-port  TeleReach®. 

TeleReach  is  the  easiest,  most 
secure  way  for  one  or  more 
users  to  remotely  access  and 
manage  multiple  servers 
through  a  KVM  switch,  from 
any  PC  running  the  Internet 
Explorer®  4.0  browser.  j 

To  see  and  feel  the  power  of  i 

remote  KVM  access  over  Web  > 

browser,  call  Raritan  Sales  at  ! 

(800)  724-8090  to  sign  up 
for  a  live  demo  from  your 
own  desktop. 


1988 
KVM  Access 
over  Coax 


OvV 


800-724-8090 
732-764-8886 

X  /  L  \  \ 

Intelligent  KVM  Switch  Technology 

Ran  tan  and  TeleReach  are  registered  tradem  arks  of  Raritan  Computer,  tnc.  MicrotdSl  Internet  Explorer  is  a  registered  Vademark  of  the  M.t.--  «,-->» 
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The  Hub  of  the  Hetwork  Buy 


BuyUptime.com 

com  Your  One-Stop  Shop  for  high  availability  products 


UPS  Cables  and 


UPS  Management 


UPS  Management 


UPS  Replacement 


High  Availability  Made  Easy 


As  a  leading  supplier  in  end-to-end  UPS  power,  thermal  cooling  and  management  solutions,  BuyUptime.com 
can  accommodate  the  level  of  availability  many  customers  have  come  to  expect.  Join  us  today  and  let 
BuyUptime  be  your  one-stop  shop  for  high  availability  solutions. 


Hof  Summer,  Coo/  Network!  ) 


NetworkAIR™  1000 

The  NetworkAIR  1000  is  a  portable,  compact,  air  conditioner 
designed  for  spot-cooling,  emergency  cooling  and  after  hours 
cooling  of  server  closets,  data  centers,  conference  rooms,  home 
offices  or  rooms  housing  heat-sensitive 
equipment.  Providing  1 ,6kW  of  supplemental 
cooling,  the  NetworkAIR  is  a  great  choice  for 
eliminating  localized  hot  spots. 


(including  shipping 
and  handling) 


Additional  Features  Include: 

■  Electronic  control  panel  with  LCD  display 

■  Automatic  turn-on/shut-off  timer 

■  Oscillating  automatic  swing  louvers  for  even 
air  distribution  in  the  room 

■  Includes  ceiling  warm  air  exhaust  kit 

■  Quiet,  high  efficiency  rotary  compressor 

■  Programmable  digital  thermostat 


Part  #  AP7003 


Order  via  our  promo  page  and  save  an  additional  $10 

Visit  http://promo.buyuptime.com 

and  enter  the  Key  Code  f859y 


Call  Toll  Free 

888-288-8843  to  order. 

Fax:(877)411-2080  •  B-mailxustomerservice@buyuptime.com 
801  Corporate  Centre  Drive,  St.  Charles,  MO  63304  •  BY2A1  EP-USd 
©2002  Systems  Enhancement  Corp.  All  Trademarks  are  the 
property  of  their  owners. 


ICSA  Certified 

Box 

System  Software 

Features  include: 

•  High  Performance 

•  Built-in  IPsec  VPN 

•  Stateful  Packet  Inspection 

•  Dynamic  &  Static  NAT 

•  PPP  and  PPPoE  Support 

•  DHCP  Services 

-  .-  *  ■  r  • 

•  DNS  Server 

•  Mobile  VPN  Client  Support 

•  Content  Filtering 


•  Gigabit  Ethernet 

•  Secure  Remote  Management 


•Email  Proxy 


Sales:  (800)  775-4GTA 
■  Tel:  (407)  380-0220 
Email:  info@gta.com 


Web:  http://www.gta.com 


Security 


Firewall  Appliances 


RoBoX  Firewall 

Remote  office/branch  office  versatile  firewall 
appliance  for  offices  with  fewer  users. 


GB-1000  Firewall/VPN  Appliance 

High  performance,  firewall  with  unlimited  user 
license,  IPSec  VPN  and  High  Availably  feature. 


Firewall  Software  Systems 

GB-  Flash 


All  the  power  and  functionality  of  the  GB-1000  on  an  easy  to 
install,  solid-state  flash  memory  module. 


GNAT  Box  Pro 

Simple,  powerful,  high  value  firewall  that  runs  and  boots  from  a 
floppy  diskette  on  a  486  CPU  (or  higher)  and  1 6MB  of  RAM 


Global  Technology  Associates,  Inc. 

Firewall  developers  since  1994 


Rose  Electronics 

10707  Stancliff  Rd. 


Houston,  Texas  77099 

281-933-7673 


800-333-9343  WWW.ROSE.COM 


USA  .  CANADA  .  ENGLAND  .  FRANCE  .  GERMANY  .  BENELUX  .  AUSTRALIA  .  SINGAPORE 


The  UltraLink  is  the  Rose  Electronics  answer  to 
Modem  and  Ethernet  remote  access! 

Server  access  over  IP  technology  allows  you  to 
access,  control  and  provide  computer 
maintenance  from  anywhere  in  the  world.  When 
combined  with  Rose  KVM  switch  technology, 
server  management  administrators  can  have 
faster  access  saving  time  and  money. 

With  dial-in,  dial-back  security  and  high- 
resolution  quad  screen  and  SSL  encryption,  the 
UltraLink  raises  the  KVM  industry  bar  in  remote 
server  access. 

A  KVM  industry  pioneer,  Rose  Electronics  is 
recognized  for  superior  KVM  switch  technology. 
Product  integrity,  simplicity,  and  reliability  are 
the  hallmarks  of  all  Rose  products. 

Call  Rose  to  learn  more  about  remote  server 
management  today. 


4%  ROSE 

ELECTRONICS 
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There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


Expert  Observer 

Observer  Suite 

$2895  $ 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 

©2002  Network  Instruments,  LLC.  Observer,  "Network  Instruments”  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  i:  _ 
All  other  trademarks  are  property  of  their  respective  owners. 
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The  Hub  of  the  Hetwork  Buy 


edA  Reliable  Rack  Modem? 


onvenient  Dial-Up  Access  to  Your  Equipment  Bays 


Fault  Tolerant  Modem  (FTM) 


Remotely  Configurable 

AC  and  -48V  DC  Power  Options 

Internal  Filtered  and  Surge  Protected  Power  Supply 

Powers  Up  to  Specified  Answer  Rings  and  Baud  Rate 

Standard  “AT”  33.6  Kbps  Modem 


Defux 


Password/Dial  Back  Modem  (SRM) 


AC  or  -48V  DC  Power 


/  Modem  Port 
Local  RS232  Console  Port 


33.6  Kbps  Modem 


Up  to  100  Individual  Passwords 
Audit  Trail  Log  with  Time/Date  Stamp 
Remotely  Configurable 
Standard  “AT”  33.6  Kbps  Modem 
19”  or  23”  Rack  Options 


NEBS  Approved 


www.wti.com 


(800)  854-7226 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  •  92618-2517 


Keeping  the  Net.. .Working! 
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SharkRack™ 
Systems  are  the 
leading  racking 
solution  for  multi¬ 
vendor  configura¬ 
tions.  We  rack 
Sun™,  Cisco™, 
Compaq™,  HP™ 
and  almost  any 
19”  El  A  standard 
unit.  Our  current 
Sun™  rack-mount 
kits  include: 

•  SunFire™  3800- 
4800  series 
servers 

•  E3500,  E4500 

•  A5000 

•  T-3 

•  Many  more, 
see  web  site 
for  details 


The  SharkRack  LCD  monitor  and 
keyboard  has  TFT  quality  video 
imaging  on  a  sliding  tray  that  is 
only  1.75”  high. 
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The  NetBotz™  RackBotz  unit 
installs  in  a  cabinet  and  monitors 
internal  conditions.  If  a  problem 
occurs,  it  will  send  out  an  alert  by 
email,  pager,  or  other  device. 


bid' <•  »  e i  SharkRack  me-  Al  r*gr««  reserved  NetBotz  •$  a  trademark  of  RaoBotz  Inc  HP  «  a  trademark  of  Hewlett  Packard  Inc  Compaq  <s 

ot  St*  Mcfooyttems.  Inc  C*»co  «  a  trademark  ot  C«sco  Systems  Inc.  AH  other  trademarks  are  me  property  ot  me*r  respective  holders 
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Try  SharkRacks™.  Our  rack-mount  units  will 
safely  house  virtually  any  19”  EIA  standard  unit. 
Have  Suns?  No  problem.  What  about  Cisco  gear, 
or  Compaq,  or  HP  servers?  Sure.  We  can  rack 
that.  With  SharkRack  you  get  a  great  looking 
cabinet.  Our  space  savings  and  cabling  features 
will  organize  your  systems.  Most  importantly,  with 
our  NetBotz  unit  watching  over  your  systems, 
you’ll  always  know  what’s  going  on.  Call  us  today 
or  log  on  for  more  details  to  see  how  we  can  help 
you  save  space,  keep  cool,  and  look  good. 


vSHARK  877-427-5722 
IrAwiV  www.sharkrack.com 


Wondering  How  To  Get  More 
Out  Of  Your  Data  Center? 


The  Hub  of  the  Network  Buy 


Sentry  :  PowerTower 


How  do  you  reboot  l6 

equipment  units... 


using  Zero  U 

of  rack  space? 


9  Sentry  POWER  TOWER  :  Your  Zens  U  Reboot  Solution 


16  remotely  addressable  power  outlets  — 
The  highest  density  available  of  any 
Remote  Power  Management  vertical  strip. 
30-amp  power  Input  feed  distributed 
across  16  outlets. 

Mounts  vertically  in  your  equipment  rack  or 
cabinet  and  requites  Zero  li  of  rack  space. 
Load  Sense  provides  real-time  current 
monitoring  in  the  remote  screen  interface 
and  through  a  built-in  LED  display  for  on¬ 
site  measurement. 

Power-up  sequencing  of  alt  16  outlets 
prevents  an  In-rush  current  overload. 
Telnet.  SNMP.  Modem  or  RS-232  Interfaces  for  easy, 
practical  and  secure  power  management  of  remote 
Internetworking  equipment. 


Install  the  new  Sentry  Power  Tower  in 
.  your  data  center,  NOC  or  co-lo  facility 
;  and  gain  the  advantage  of  remotely 
rebooting  up  to  16  of  your  equipment 
units  -  without  occupying  any  space  in 
your  rack  or  enclosed  cabinet 

j  Try  the  New  Sentry  Power  Tower  in  your 
rack  or  cabinet  and  realize  the  benefits 
’■  of  Intelligent  Power  Distribution  and 
Remote  Power  Management 


See  our  complete  product  line  at  wwnuervertech.com 
or  call  800.835.1515  or  775.264.3000 


■  Another  grnsi  product  Iran 

Server  Technology,  Inc 
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NetworkWorld's 


MarketPlac 


Cisco 

Routers 


Switches 

Hubs 

Voice  Over  IP 

Memory 

Security 

Interface  Modules 
Port  Adapters 
Wireless 


World  Data  Products  introduces  its  new  Cisco 
Router  and  Switch  poster.  It  provides  at-a-glance 
information  on  model  capacities,  interface  cards 
and  available  features. 

The  Cisco  Poster  is  a 
valuable  tool  for 
network  planning. 

Call  877.231.2451  or 
visit  www.wdpi.com 
to  request  your 
FREE  Cisco  Router 
and  Switch  poster. 


fr  >; 


Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 

www.wdpi.com  •  877.231.2451  •  cisco@wdpi.com 

121  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 


The  dtSearch 
product  line 
instantly  searches 
gigabytes  of  text 
across  a  desktop, 
network,  Internet 
or  Intranet  site. 


Spider 


Spider  and 
search  Web 
sites  ♦  included 
with  all  products 


Instantly  Search  GtGi 
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dtSearch 


"Superb  ...  a  multitude 
of  high-end  features" 

—  PC  Magazine 

"Very  powerful  ...  a 
staggering  number  of 
ways  to  search" 

—  Windows  Magazine 

"A  powerful  text  mining 
engine  ...  effective 
because  of  the  level  of 
intelligence  it  displays" 

—  PC  Al 

"Impressive" 

—  PC  Magazine  Online 

"A  tremendously 
powerful  and  capable 
text  search  engine" 

—  Visual  Developer 

"Intuitive  and  austere  ... 
a  superb  search  tool" 

—  PC  World 


® 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 

Fast,  precision  sea 

♦  over  two  dozen  text  search 
options 

♦  indexed,  unindexed,  fielded 
and  full-text  searching 

Organization-wide 

reach 

♦  highlights  hits  in 
HTML  and  PDF  ^ 
while  keeping 
embedded  links  1 
and  images  intact 

♦  converts  other  file 
types  —  word 
processor,  database, 
spreadsheet,  emai' 

XML,  Unicode,  etc.  —  to 
HTML  for  display  with 
highlighted  hits 

1-800-IT-Flli 
www .  dtsearch.  com 

sales@dtsearch.com 


Desktop 

Find  anything, 
anywhere, 
instantly  ♦  $199 


Network 

Search  the 
many  forms  of 
data  that  exist 
across  a  large 
enterprise 
network 
♦  from  $800 


gm 


Publish  iamS’our  c  larqe  document 

Publish  a  searchable  code  in  mult, pie  .  \ 

database  to  programming  COll^CtlOltS  tO 

CD.  DVD  tanguages  .;> 


♦  from  $2,500 


Web 

Add  instant 
||searching  to 
your  site 
£[$999  per  server 


Visit  www.dtsearch.com 


for  30-day  evaluations 
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Dial  Access  at  its  best! 


Equinox  Multi-modem  Adapters 


Fax  server 
Dial  access 
Data  collection 
Modem  pooling 
Internet  access 


provide  up  to  44%  savings  over  the 
leading  competitors  of  similar  products 


Call  1-800-275-3500,  ext.  61 5 
for  a  FREE  30-day  evaluation! 


Lowest  CPU  u 

tilization  t  ^ 

Installs  in  min 

li:  %€y: 

Requires  no  in 

. 

■  ■  -S 

dcrmsasa 

or  email:  sales@equinox.com 


For  more  infOmation  on  Equinox  products  visit  our  website  at  -  www.equinox.com 


Falcon  Set-top  Appliance 
Keeps  Valuable  Employees 
Out  of  Drafty  Airports. 

Video  and  data  conferencing  -  all  in  one 
For  more  information  about  Falcon,  call  1-800-418-5328. 


an  Avocent  Company 


VCON 


www.vcon.com 


VISUAL  COMMUNICATIONS 


mmmm 

NETWORK 

FORENSICS 

ANALYSIS 


©  Patent  Pending  SSH2  Decryption 
©  Catches  Header  and  Port  Spoofing 
©  Reassembles  Packets  into  Streams 
•  Guaranteed  Invisible  on  the  Network 
$  View  Email,  Web  Pages,  and  File  Contents 
£  Finds  and  Reports  Cleartext  Passwords 
©  Full-Content  Inspection  &  Analysis 
©  Filters  or  Records  All  Your  Traffic 
©  Drill  Down  through  Connections 
©  Secure  Remote  Administration 


Sandstorm  Netlntereept  Tools  with 

Lnterprises“  Knowledge  is  Power  sharp  edges? 


For  a  Free  Whitepaper  or  Demo 
VISIT  www.netintercept.com 

•  i  Copyright  c  2002  Sandstorm  Enterprises.  Inc  All  Rights  Reserved 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 


Boson  Training  < 

(813)  925-0700 
I  www.bosontraining.com 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
wireless,  CISSP 


Learnkey  Inc.  < 

(800)  865-0165 
www.leamkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 


PMG  NetAnalyst 

(800)  645-8486 
I  www.NetworkTraining.com 
Network  Forensic  Analysis  and 
Security  Training  and  Services 


Infinity  I/O 

(800)  990-0955 
www.infinity1o.com 
Fibre  Channel  &  SAN  Training 
&  Certification 


TechEd  Services 

(407)  243-6494 
www.techedsvcs.com 
Customized  onsite  training  for 
Microsoft,  Cisco,  Network  Associates 


George  Washington  Univ 

(202)  973-1175 
www.cpd.gwu.com 
Oracle  DBA  Cisco  CCNA  Java 
wireless  networks 

. .  ■  -  ■  ■  . 
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NetSmart  Learning  Partner 


Extend  the  life  of  your 

Networking 

l\le;*L->KI, 


Your  Alternative  to  factory  New  products 


•  A-1  Quality  Pre-Owned  Tested  Equipment 

•  50-85%  Savings  off  List  Prices 

•  120-Day  Limited  Warranty 

•  100%  30  Day-Money  Back  Guarantee 

•  Large  Inventory,  Same  day  Shipping 

•  Extended  Warranties  Available 

-  Professional  Quality  Packaging 

Request  a  Quote  on-line  at: 

www.bizint.com 
e-mail:  info@bizint.com 


(m\ 

Your  global  alternative 
to  factory  new  products 


(877)  438-2494 

or  (315)  458-9606  We  Buy,  Sell, Trade  and  Lease... 


CISCO.  EXTREME.  JUNIPER.  BAY/NORTEL.  3COM.  FOUNDRY.  CABLETRON 
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Advertise  in  the 
Marketplace  and  watch 
your  sales  come 
pouring  in! 


Call  Direct  Response 
Advertising 
1-800-622-1108 
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Tel:  408.727.1122  EeCERREW 
Fax:  408.727.8002  technologies,  inc. 

343  1  DE  LA  CRUZ  BLVD.  SANTA  CLARA,  CA  95054 
WWW.RECURRENT.CDM  INFC@RECURRENT.CQM 


Buy,  Sell  or  Announce  -m 

Network  Products 
and  Services  with 
Network  World's  Marketplace 
Call  800-622-1108  ext.  6507 


For  more  information 
on  advertising  fn 
We+worfc  Wor(dfs  Marfce*Mace 
contact;  £nfco  Gafcale? 
800-611-1108  ext. 
egu  tale®  nww.com 


NORTEL  NETWORKS 


m  m  SSS  #*»*»*• 


* 


Why  Are  We  The  Best? 


•  Nortel  Service  Contracts  •  Free  Technical  Support 

•  Nortel  Service  Renewals  *  Next-Day  Hardware 

Replacement 

•  Good  As  New  Gear, 

Same  as  New  Warranty 
-  at  Better  Than  New  Prices 

Refurbished  Specials: 

ASN/2-32mb  Refurbished  Advanced  Stack  Node  Bundle 

Indudes  AF0002E13-32mb  Redundant  Base  Unit 
lx  34000  Dual  Ethernet,  lxAF2t  11005  Quad  Sync 

Special  $2,995 

lx  AA001 1004  Fast  Packet  Cache,  lx  AF2I040I3  128  bit  Compression  Module 

BayStack  350T-HD  (AL2012E10)  24  Port  10/100  switch 

Refurbished  Grades  may  vary.  "A"  Grade  sale  price  $350.00 

One  Year  Warranty 

As  Low  As  $150 

Bays  tack  450-24T  (AL2012E14)  24  Port  10/100  Stackable 

Special  $895 

Backbone  Router  Spedal-AG  1004005 

Refurb  kit  indudes  Dual  100BT  with  the  Fast  FRE2-060-64mb 

Special  $3,249 

Dont  want  used?  Try  our  low  prices  on  new!  Call  Today! 

Coll  f°r  Free  Quote! 

fijn  888-8LANWAN  —M 

(888-852-6926)- 

Notional  LAN  Exchange  •  WWW.nle.com 
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Also  Available:  Wellfleet,  Bay,  Fore, 
Xylogics,  Livingston,  &  Ascend 

in  Stock  •  Fast  Delivery  •  No  Expedite  Charges 


COMSTAR,  INC. 

The  *1  Network  Remarketer 

952*835*5502 

Fax  952-835-1927  E-Mailsales&comstarinc  com 


iiumi 

See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  goods.  Gifts 
Pens.  Clocks.  Lighters.  Games 

www.suitcase.com 


METRO-NORTH  COMMUTER  RAILROAD  ADVERTISEMENT  OPERATING  FUNDED 

NOTICE  is  hereby  given  that  METRO-NORTH  COMMUTER  RAILROAD  will  receive  bids/proposals  for  the 
following  Services  and/or  Products  below,  on  which  date  they  will  be  received  at  the  indicated  time  at 
the  Railroad's  offices  at  347  Madison  Avenue,  New  York,  New  York  10017.  Copies  of  the  Solicitation 
Documents  may  be  obtained  from  the  designated  contract  officer  at  the  aforementioned  address.  Fax 
bids  are  not  accepted. 

IFB/RFP/RFQ.  NO.  201062 

DESCRIPTION  Information  Technology  Training  Services 

Metro-North  Railroad  and  other  affiliate  MTA  Agencies  are  seeking  the  services  of  qualified  firms  to 
provide  Information  Technology  Training  Sen/ices.  The  required  training  will  support  all  areas  of 
Information  System  Technology  such  as  Mainframe  Operating  System.  Application  Software,  and 
Microcomputer  hardware/software. 

The  initial  contract  term  is  for  a  total  of  three  13)  years  with  Metro-North  Railroad  resenring  the  contract 
option  to  renew  tor  two  12)  additional  years 

DUE  DATE/TIME  9/5/2002  -  5:00  p.m.  (Close  of  Business) 

CONTACT  PERSON  Akbar  lotfipour 

ph  -  (212)  340-3177  fx  -  (212)  340-4034  eMail  -  lotfipour@mnr.org 

EQUAL  EMPLOYMENT  OPPORTUNITY:  Contractors  will  be  required  to  comply  with  all  applicable  Equal  Employment 
Opportunity  laws  and  regulations.  2.  INELIGIBLE  BIDDERS:  All  Contractors  will  be  required  to  certify  that  they  are  not 
on  the  U.S.  General  Services  Administration's  List  of  Parties  Excluded  from  Federal  Procurement  or  NonProcurement 
Programs  3.  MINOBITY/WOMAN/DISADVANTAGED  BUSINESS  ENTERPRISES  Metro  North  Commuter  Railroad 
hereby  notifies  all  proposers  that  it  will  affirmatively  insure  that  in  regard  to  any  contract  entered  into  pursuant  to  this 
advertisement,  Minority/Woman/Disadvantaged  Business  Enterprises  will  be  afforded  full  opportunity  to  submit 
Proposals  in  response  to  this  invitation  and  will  not  be  discriminated  against  on  the  grounds  of  race,  color,  sex  or  nation¬ 
al  origin  in  consideration  for  an  award. 
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Florida  Community 
College  at  Jacksonville 
invites  applications  for 
our  E-Systems 
Developer  position. 


E-Systems 

Developer 


The  selected  individual  will  devel¬ 
op  web  applications  for  college  web 
sites  and  portals.  Prepare  functional  and 
technical  specifications  for  solutions  to 
highly  complex  problems  and  programming 
needs.  Define  system  and  software  require¬ 
ments  and  develop  potential  options  to  meet  customer 
requirements.  Develop  test  plans  and  procedures,  perform  unit 
and  integration  testing,  document  test  results,  evaluate  and  correct 
defects,  and  make  appropriate  recommendations.  Perform  system  main¬ 
tenance,  recommend  application  /  site  improvements,  and  ensure  system  func¬ 
tion  and  viability.  Position  requires  an  individual  to  possess  strong  human  relation 
skills,  detail  and  systems  orientation  with  strong  organizational  ability.  Must  be  able 
to  perform  in  a  challenging  and  demanding  production-oriented  environment,  be 
competent  in  handling  multiple  tasks  independently,  meet  deadlines,  and  have 
exceptional  customer  service  skills.  Work  collaboratively  with  other  college  groups 
for  coordination  and  planning  purposes  and  manage  special  projects  and  technology 
initiatives. 

MINIMUM  QUALIFICATIONS:  High  school  diploma  or  GED  supplemented  by 
three  (3)  years  of  programming  experience. 

SALARY:  $48,984  -  $67, 992  (Dependent  upon  education  and/or  experience). 

How  to  apply:  Interested  candidates  must  submit  a  Florida 
Community  College  at  Jacksonville  application,  resume,  cover 
letter  addressing  the  qualifications  of  the  position  and  unofficial 
copies  of  transcripts.  An  Administrative/Faculty/  Professional 
application  can  be  downloaded  from  our  web  site  at 
www.FCCJ.org/HumanResources,  obtained  at  the  Human 
Resources  Department  at  501  W.  State  St,  Jacksonville,  FL 
32202,  by  calling  (904)  632-3210  days  and  (904)  632-3160 
evenings/weekends  or  by  e-mail  to  employment@fccj.org. 

FCC]  is  an  equal  access/equal  opportunity  employer. 


FLORIDA 
COMMUNI  1  ¥ 
C  O  L  L  t  <j  K 


SAVE  UP  TO  $100!  Register  using  priority  code  IWIDG 


InterWorks  2002 

THE  HP  TECHNICAL  TRAINING  CONFERENCE 


Co-located  with 

^  s 

HI)  WORLD  2002 

Conference  h  Expo 


Strengthen  Your 
Linux  and  HP-UX  Expertise 
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For  the  first  time  ever,  InterWorks 
attendees  have  the  opportunity  for 
on-site  HP-UX  and  Linux  Certification 
Testing.  And,  as  an  attendee, 
you’ll  save  50%  off  of  testing  fees! 

At  InterWorks,  you’ll  also: 

■  Attend  in-depth  HP-UX  and  Linux 
classroom-style  tutorials  and  seminars 
(beginner  to  advanced  levels). 

■  Get  hands-on  experience  with  new  HP 
technologies  via  tutorials  and  an  exten¬ 
sive  HP  Technical  Demonstration  Lab. 

■  Share  experiences  and  make  con¬ 
nections  with  over  700  professionals 
like  yourself. 


Platinum  Sponsor 

m 

invent 


September  23  -  27,  2002  ■  Los  Angeles  Convention  Center 


REGISTER  TODAY! 
interex.org/jnterworks 


Data-Core  Systems  seeks  qual¬ 
ified,  experienced  info  tech 
professionals  for  the  following 
positions: 

GUI  Devtprs  -  Req.  bachelor's 
degree  or  equiv  in  comp  sci  or 
eng'g;  2-5  yrs  exp  req;  exp,  bkgd 
or  training  must  incl  use  ot  front- 
end  tool  such  as  PowerBuilder  or 
Visual  Basic,  use  of  SQL  & 
RDBMS  back-end  incl  Oracle 
7.1  or  later.  Some  positions  also 
req  Crystal  Reports  or  Rational 
Rose  &  Windows  NT.  others  may 
req  object-oriented  dev't  bkgd 
such  as  C++;  internet  bkgd  such 
as  HTML  &  JavaScript. 

Mainframe  Dvlprs  -  Req.  bache¬ 
lor's  degree  or  equiv  in  comp  sci 
or  eng'g;  exp  must  incl  IBM  main¬ 
frame  environ  incl  MVS,  as  well 
as  DB2,  COBOL  &  Internet 
related  skills  incl  JavaScript, 
HTML  &  DHTML. 

Relational  Database  Designers 
/Dvlprs  -  Req.  bachelor's  degree 
or  equiv  in  comp  sci  or  eng'g; 
exp,  bkgd  or  training  must  incl 
use  of  Visual  Basic,  Sybase,  IIS 
&  PowerBuilder,  as  well  as  ASP 
&  Java, 

Systems  Administrators  -  Req. 
bachelor's  degree;  3-5  yrs  bkgd, 
training  or  exp  in  Unix,  C  &  Oracle, 
as  well  as  telecommunication 
bkgd  incl  administration  &  con¬ 
figuration.  Also  need  exp  with 
IBM  mainframe  systs  incl  MVS, 
JCL,  CICS  &  COBOL. 

Network  Administrators  -  Req. 
bachelor's  degree  in  comp  sci  or 
eng'g;  exp,  bkgd  or  training  must 
incl  computer  networking  &  data 
communications,  Oracle  data¬ 
base  admin.  Must  have  extensive 
exp  in  LAN  &  WAN  networking  & 
server  admin  with  Microsoft  & 
Unix  platforms. 

Object-Oriented  Designers/ 
Developers  -  Req.  bachelor's 
degree  or  equiv  in  comp  sci  or 
eng'g;  object-  oriented  bkgd  incl 
Java  &  C++,  as  well  as  Unix 
operating  system  &  Sybase  or 
Oracle  RDBMS. 

Communications  Systems  Soft¬ 
ware  Developer-  Req.  Bachelor’s 
degree  or  equiv  in  comp  sci  or 
eng’g  with  3-5  yrs.  bkgd;  Must 
have  experience  in  SNMP, 
Frame  Relay,  UNIX,  C,  Socket 
Interface,  Network  Node  Man¬ 
ager,  TCP/IP,  Open  View,  Shell 
scripting,  Oracle  SQL,  Configu¬ 
ration  Management  Software 
(knowledge  of  Sablime  a  big 
plus). 

ONLY  QUALIFIED  U.S.  WORK¬ 
ERS  NEED  APPLY.  MUST  BE 
WILLING  TO  RELOCATE  TO 
VARIOUS,  UNANTICIPATED 
LOCATIONS  THROUGHOUT 
THE  U.S.  Please  send  resume 
directly  to  Recruiting  Manager, 
Ref.  Code  #  CW0702,  DataCore 
Systems,  Inc.,  3700  Science 
Center,  Philadelphia,  PA  1 91 04. 


Full-time  Application  Engineer, 
Supply  Chain:  Design,  develop, 
prototypes  &  test  supply  chain 
software  application  models 
based  on  solution  designs  as 
well  as  develop  functional,  per¬ 
formance  &  systems  integration 
test  plans,  planning  work  flow  & 
modify  &  create  reports.  Provide 
detailed  data  requirements  to 
build  supply  chain  software 
application  models.  Construct 
prototype  &  test  supply  chain 
software  application  modes  for 
super-users.  Develop  &  execute 
functional  test  plans  for  super- 
users,  performance  test  plans  & 
provide  &  implement  statistical 
data  analysis  solutions.  Work 
with  i2  products;  Supply  Chain 
software  applications  inc.:  De¬ 
mand  Planning,  Inventory  Plan¬ 
ning,  Replenishment  Planner 
&  Supply  Chain  Planning  as  well 
as  work  w /  HP-UX,  Unix  & 
Windows  NT  environments. 
Must  have  Master's  degree  in 
Computer  Science  any  Engi¬ 
neering  discipline  or  related  field. 
Must  have  minimum  2  yrs.  exp. 
in  the  job  offered  or  position  w/ 
same  duties.  Send  Resume: 
PSS  World  Medical,  Inc.,  Ann 
Christante,  4345  Southpoint 
Blvd,  Jacksonville,  FL,  32246 


F/T  Manager,  Supply  Chain 
Technology:  Translate  company's 
supply  chain  business  require¬ 
ments  into  software  application 
models  &  ensure  knowledge 
transfer  on  supply  chain  man¬ 
agement  solutions  &  best  prac¬ 
tices.  Responsible  for  the  trans¬ 
lation  of  requirements  into 
solution  practices  &  providing 
data  analysis.  Responsible  for 
the  translation  of  requirements 
into  Solution  Architecture  & 
ensuring  the  knowledge  transfer 
to  business  users.  Apply  systems 
analysis  techniques  and  proce¬ 
dures  to  identify  business  func¬ 
tional  specifications  &  develop 
specifications.  Develop  manage¬ 
ment  reports  &  exception  work- 
flows  based  on  statistical  analysis. 
Document,  track  &  control  solu¬ 
tion  and  product  related  issues  & 
participate  in  resolution  of  cross¬ 
project  issues.  Manage  multiple 
projects  &  tasks.  Utilize  knowl¬ 
edge  in  web-based  technologies 
such  as  Visual  Basic,  C++,  Visual 
Interdev,  Borland  C++  Builder, 
COM  &  ASP  to  work  w/  standard 
screens  and  workflows.  Implement 
i2  and/or  Manugistios,  Supply 
Chain  &  Logistics  applications 
inc:  Demand  Planning,  Replen¬ 
ishment  Planner  &  Supply  Chain 
Strategist  as  well  as  work  w/ 
Oracle.  Must  have  Master's  degree 
in  Computer  Science,  Transporta¬ 
tion  Management  any  Engineering 
discipline  or  related  field.  Must 
have  3  yrs.  exp.  in  job  offered  or 
position  w/  same  duties.  Send 
Resume:  PSS  World  Medical, 
inc.,  Ann  Christante,  4345  South- 
point  Blvd,  Jacksonville,  FL, 
32246 


Progr.  Analyst:  Study  user  req., 
procedures  &  problems  to  auto¬ 
mate  processing  &  reports,  iden¬ 
tify  problems  &  modify  coding. 
Carry  testing,  change  control  & 
management.  Des.,  dev.  and 
implement  web  based  applica¬ 
tions.  Develop  API/Middleware 
Use  Java  I/O,  C,  C++,  AWT,  EJB, 
AMI,  servlets,  applets,  Swing 
RDBMS,  JDBC,  Oracle,  Java 
bean,  JSP,.  Req.  BS  in  Eng./CS 
+1.5  years  exp.  Please  send 
resume:  Ganeshji  Inc.  3617  N 
Pan  Am  Exp  Way,  San  Antonio, 
TX  78219 


♦ 


PROGRAMMER  ANALYST:  40 
hrs/wk,  8:00AM  to  5:00PM, 
$50,000.00/-  annually.  Requires 
a  Bachelor's  in  Computer  Sci¬ 
ence  OR  Electronic  Engineering 
and  one  years  experience  in 
the  job  offered  or  as  a  Systems 
Analyst.  Design,  develop  and 
implement  client/server  projects 
using  Visual  Basic,  SQL  Server, 
Internet  Information  Server,  Active 
server  pages,  Java  on  Windows 
Operating  Systems.  Job  is  located 
in  Orlando,  FL.  Send  resumes  to 
Workforce  Program  Support/ 
A.L.C.  Unit,  P.O.  Box  10869, 
Tallahassee,  Florida,  32302- 
0869,  JOB  ORDER  #FL-2309491 . 


Database  Administrators  need¬ 
ed:  Install  and  configure  Data¬ 
base  and  Replication  software. 
Administer  production  and  devel¬ 
opment  servers.  Troubleshoot 
and  resolve  or  recommend  solu¬ 
tions  to  complex  database  and 
replication  systems  issues.  Work 
with  3  ot  the  following:  Sybase, 
Oracle,  DB2,  UNIX  and  MS  SQL 
server.  Requires  MS/BS  degree 
or  equivalent  and  2  years  of 
database  and  replication  experi¬ 
ence.  Mail  resume,  references 
and  salary  requirements  to:  Ster¬ 
ling  Commerce  Inc.,  4600  Lake- 
hurst  Court,  PO  Box  8000, 
Dublin,  OH  43016. 


COMPUWARE 

Put  your  IT  experience  to  work 
while  constantly  developing  new 
skills. 

Nationwide  opportunities: 
Business  Analysts 
Database/Network  Administrators 
Product  Sales/Management 
/Support 

Programmer/ Analysts 
Software  Developers/Engineers 
System  Engineers 
Technical  Writers 
Web  Developers 
Ad  #  CW0729 

Compuware  Corporation, 
Attn:  Recruiting  Dept. 

31 440  Northwestern  Hwy. 
Farmington  Hills,  Ml  48334. 
E-mail: 

ads@compuware.com 
www.compuware.com  EOE 


Senior  Programmer 
Job  Code  SP:  Define  b/z  solu¬ 
tions  in  flowchart  format;  data¬ 
base  design  with  Oracle, 
MYSQL,  and  DB2;  screen/report 
design  utilizing  Java2,  C,  and 
C++;  conduct  data  flow  analysis 
using  J2EE,  CORBA,  Oracle, 
and  EJB;  develop  transaction 
processing  reqs.  using  SQL  & 
PL/SQL  procedures/functions 
and  triggers;  define  system  in¬ 
terfaces  &  prepare  detailed  pro¬ 
gram  specifications.  Translate 
b/z  requirements  into  tech./sys- 
tems  reqs.  on  UNIX,  Solaris,  & 
Windows  NT  platforms.  Re¬ 
quires  BS  In  Elec.  Eng.  +  2  yr, 
exp. 

We  offer  competitive  salaries. 
Apply  with  Job  Code  to  Open 
Systems,  Inc.,  4005  Windward 
Plaza,  Suite  550,  Alpharetta,  GA 
30005  with  proof  of  work  auth. 
from  INS. 


Web  Developer  wanted  by  New 
Jersey  based  Co  for  job  loc 
throughout  the  US.  Must  have 
Master's  degree  in  Comp.  Sc., 
Engg.,  3  years  s/w  exp.  &  profi¬ 
ciency  in  RDBMS  (e.g.  Oracle), 
C/C++,  Web  Logic,  Web  Sphere, 
HTML,  J2EE,  XML.  Respond  to: 
HR,  MJ  Technologies  of  NJ,  Inc., 
838  Green  St.,  Ste.  #101,  Iselin, 
NJ  08830.  (Ret.  RG  8246).  No 
phone  calls. 


Programmer  Analysts  to  analyze, 
design,  test,  maintain  and  support 
internet/intranet  applications 
using  Java,  HTML,  ASP,  Java 
Script,  JSP  etc  under  Unix  & 
Windows  OS;  design/develop 
custom  applications  in  a  client 
server  environment  using  VB, 
Oracle,  MS  SQL  Server  and  GUI 
tools  under  Windows  NT  OS; 
provide  on  site  maintenance 
support  to  clients.  Require  BS 
or  foreign  equiv  in  CS  or  Engi¬ 
neering  (any  branch)  with  2  yrs 
of  relevant  exp.  Highly  competi¬ 
tive  salary.  Travel  to  client  sites 
involved.  Resumes  to  Advanced 
Computing  Technologies,  Inc., 
3355  Breckinridge  Blvd.  Suite 
128,  Duluth  GA  30096. 


Oracle  Database  Administrator 
wanted  by  Cimnet  in  Downers 
Grove.  Responsible  for  the 
design  of  logical  and  physical 
database  structures,  implemen¬ 
tation,  testing  and  maintenance; 
develop  database  management 
sys.&  implement  existing  data¬ 
base  sys.;  control  migration  of 
programs,  database  changes, 
reference  data  changes  and 
menu  changes  through  the 
development  lift  cycle;  perform 
database  re-organizations;  trou¬ 
bleshoot  with  problems  regarding 
the  database,  applications  and 
development  tools.  Must  have 
BA  in  Electronics  Engg.  or  its 
equiv.  &  1  yr  exp.  in  database 
envir.  &  Oracle  diploma.  Respond 
to:  HR  Dept.,  2651  Warrenville 
Road,  Downers  Grove,  IL  605 1 5. 


Become  a  IDicrosoft  Windows  2000  Security  Expert. 


It’s  easy.  Just  point,  click  and  choose  the  format  that  works  best  for  you: 
•CD-ROm  •Uleb-Based  •Hands-On  •Uirtual  Classroom 


Uisit  lletSmart  today  at  unuw.munetsmart.com 
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NetworkWorld, 

COMPUTERWORLD, 
AND  INFOWORLD 

Help  You  Do 
A  Better  Job. 


Now  Let  Us  Help 
You  Get  One. 


Call: 

1-800-762-2977 
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Web  Programmer/  System 
Administrator 

Devel.  of  company  &  clients' 
web  &  non-web  appl.  using  JSP, 
ASP.  MSSQL,  Java  Servlet, 
JavaBeans,  JavaMail,  &  other 
Java  tech,  for  various  functions 
such  as  E-Commerce,  zip  code 
store  locator,  site  search 
engine,  advertisement  media 
tracking,  third  party  site  statis¬ 
tics  tracking,  dynamic  advertis¬ 
ing  campaign,  dynamic  report¬ 
ing,  business  to  business,  lega¬ 
cy  system  interface  8  media 
serving.  B.S.  in  C.S.  or  rel.  8 
abil.  to  use  JSP.  ASP,  MSSQL, 
Java  Servlet,  JavaBeans, 
JavaMail,  C++,  Visual  C  ++, 
Java  2,  JBuilder,  IBM 
VisualAge.  35.0  hr/wk.  9-5. 
Send  resume  to:  Cindra  Tan,  VP 
Finance,  Bennett  Kuhn  Verner, 
Inc.,  2964  Peachtree  Road,  Ste. 
700,  Atlanta,  GA  30305 


SW  Eng'rs:  Rsrch,  dsgn,  devlop 
&  test  sw  applic'ns  w/  Magic  de- 
vlpmt  tool,  variable/  Macro  Pro- 
gram'g  in  WP,  Spreadsheet  & 
Macro  Program'g  in  Applix;  Dsgn 
db/GUI  in  Oracle  8.i,  SQL  Serv¬ 
er  7.0  on  Sun  Solaris  8  Op  Sys, 
Visual  Studio  6,  Erwin,  Toad, 
Pvcs,  C/C++  &  VB.  40h/w,  8-5. 
BS  or  foreign  equivlt  in  CS,  Elec¬ 
tronics  or  Eng'g,  8  5-yr  exp  in  the 
job  or  other  posit'n  w/  Magic, 
Variable/Macro  Program'g  in 
WP/Applix.  Resume  to  Sterlite 
SW's  Chicago  off.  at 
vies® sterliteusa.com/Fax:  708- 
383-4898 


Lotus  Notes  Developer;  will 
develop/maintain  new  web/client 
based  applications  using  Lotus 
Notes/Domino.  Req.  B.S.  Com¬ 
puter  Science  or  related  field  8 
2  yrs  Lotus  Notes/Domino 
Development  skills  in  V4.6  8 
V5.0.  Apply  to:  Firmat  USA,  Inc. 
Attn:  Human  Resources,  181 
West  Madison  St,  Ste.  3450, 
Chicago,  IL  60602 


Costco  seeks  DBA  for  HQ  office 
in  Issaquah,  WA.  DESC:  Install, 
impl,  8  upgrade  Win  NT,  Internet 
Info.  Server,  8  SQL  Server. 
Dsgn.  admin,  8  maint.  RDBMS 
8  rel.  c/s  progs.  8  apps.  util.  SQL. 
Impl.  rules,  views,  triggers,  8 
stored  procedures.  Peri,  data 
migration  8  file  trans.  bet.  var. 
d/bs  util.  DTS.  Create  d/b  rep. 
models.  Config.  TCP/IP,  DNS, 
WINS,  8  DHCP.  Set  up  8  create 
virtual  directories,  loc.  8  global 
groups,  user  accts,  rights  8  poli¬ 
cies,  permissions.  REQ:  BS  in 
Engr,  CS,  Math,  or  Phys.  +  3 
mos.  exp.  in  duties  of  job  offered. 
Prem.  sal.  +  benes.  Pis.  reply  to 
T.  Valdez,  Job  #CW-104,  999 
Lake  DR,  Issaquah,  WA  98027. 


- ♦ - 

Programmer  Analyst.  Dvlp  s/ware 
apps  using  C++.  MS  Visual  C++ 
8  MetroWorks  Code  Warrior; 
dsgn  object-oriented  8  Generic 
reusable  app  components  using 
C++.  BS  in  Comm.  Sci.,  1  yr 
exp.  MacOS  and/or  Win  95/NT ; 
C++;  8  object-oriented  prgmg. 
$35,500/yr.  Send  resumes  to 
Robert  T.  Long,  1210  S.  Gilbert 
St,  Iowa  City  IA  52240. 


Seeking  qualified  applicants  for 
the  following  position  in  Mem¬ 
phis,  TN:  Senior  Programmer 
Analyst,  Revenue  Systems:  For¬ 
mulate/define  functional  require¬ 
ments  and  documentation  in  a 
mainframe  environment  based 
on  accepted  user  criteria.  Re¬ 
quirements:  bachelor's  degree  or 
equivalent*  in  computer  science. 
MIS  or  related  field  plus  5  years 
of  experience  in  systems/appli¬ 
cations  development  in  a  main¬ 
frame  environment.  Experience 
with  COBOL,  File-Aid  and  Expe¬ 
ditor  also  required.  'Equivalent 
is  based  upon  a  combination  of 
education  and  experience  (three 
years  of  experience  equals  one 
year  of  education)  as  deter¬ 
mined  by  a  credentials  evaluator. 
Submit  resumes  to  Sibi  George, 
FedEx  Corporate  Services, 
1 900  Summit  Tower  Blvd.,  Suite 
1400,  Orlando,  FL  32810.  EOE 
M/F/DA/. 


LEAD  SYSTEM  ANALYST: 
Perform  web  layout  design,  pro¬ 
gramming  and  web  page/database 
connection  using  JAVA, 
Net.Data,  REXX,  HTML, 
DHTML,  Peri,  JavaScript,  Java- 
Applets,  COBOL,  and  SQL. 
Salary:  $1,583.20/wk„  40  hr. 
work  wk.  (9:00  a.m.-5:00  p.m.). 
Requirements:  Masters  degree 
in  Computer  Science,  Candidate 
must  have  completed  one  graduate 
level  course  in  web  technology 
and  one  graduate  level  course  in 
database  management  systems. 
Send  Resumes  to  MDCD/ESA, 
P.O.  Box  11170,  Detroit,  Michigan, 
48202  (Reference  No.  202313). 
Employer  paid  ad. 


SAP  Analysts  wanted  by  Shell 
Service  Int’l.  Candidates  must 
have  MS  or  BS  with  SAP  exp. 
Skills  with  PL/SQL,  Oracle,  Java 
and  VBScript  are  plus.  Send  re¬ 
sumes  to  recruitment®  shell.com, 
Ad  Code  1361 

ShellSoft  is  a  fast  growing  com¬ 
pany.  We  have  several  openings 
for  computer  professionals.  At¬ 
tractive  wage  plus  full  benefit 
pkg.  Skills  in  following  areas  are 
a  plus:  Oracle,  SAP,  Java,  Unix, 
Sybase,  Informix,  SQL,  VB. 
Qualified  applicants  must  have 
BS  and  US  work  permit.  Send  re¬ 
sumes  to:  career@shellsoft.com. 
EOE 


Thomson  Financial  Inc.  seeks  a 
Database  Administrator  (Boston, 
MA)  to  provide  comprehensive 
DB  admin,  services  to  implement 
Oracle  8  Sybase  DBs  for  Sun 
Solaris/HP-UX  8  NT  OS;  support 
development  for  JDBS  8  SQLJ; 
8  use  WebDB  for  production 
support  8  devel.  Min.  require¬ 
ments:  Master's  degree  or  equiv. 
in  Computer  Sci.,  any  Engineer¬ 
ing  area  or  related  field.  +  5 
years  of  exper.  as  DB  Adminis¬ 
trator  working  in  Oracle  8  Sun 
Solaris  envir.;  exper.  must  incl. 
3  yrs  of  JDBS,  SQLJ  8  WebDB 
(aka  Oracle  Portal)  in  the 
Sybase/HP-UX/NT  envir.  Pis  re¬ 
spond  to:  Nicole  White,  HR, 
Thomson  Financial,  22  Thomson 
Place,  Boston,  MA  02210. 


Systems  Analyst  wanted  by 
Unad  of  Colombia  Inc.  Must 
have  3  yrs.  exp.  utilizing  knowl¬ 
edge  of  the  methods  8  principles 
of  comp,  systems  to  create  8 
design  programs  8  database. 
Respond  to  3050  Biscayne  Blvd. 
Suite  201 ,  Miami,  Rorida  33137. 


E-Product  Developer,  Augusta, 
GA:  Develop,  implement,  support, 
enhance  8  engineer  testing  of 
company's  Web-based  consulting, 
marketing  8  sales  interactive  e- 
products.  Use  HTML,  DHTML, 
Java,  CSS,  VBScript,  JavaScript, 
ASP.  Perform  product  8  RDB 
(Oracle)  development  using 
SQL.  Develop/deploy  e-com¬ 
merce  shopping  carts  8  credit 
card  systems  for  UNIX  8  IIS 
servers.  Oversee  on-line  security; 
implement  encryption  w/Public 
Key.  Use  Frontpage,  Dream 
-weaver,  Fireworks,  PainShop 
Pro,  QuarkXPress,  Adobe  Photo 
Shop  to  design  8  edit.  Analyze 
site  metrics  8  target  market. 
Req:  Bach.  Degree  in  Info.  Tech, 
or  related  +  1  yr  in  job  or  as 
Webmaster  w/similar  duties.  Mail 
resume  to  MagMutual  HR:  1054 
Claussen  Rd,  Ste  307,  Augusta, 
GA  30907. 


F/T  Application  Developer:  Re¬ 
sponsible  for  the  research,  design, 
development,  testing,  mainte¬ 
nance  8  deployment  of  software 
applications  8  working  w/  system 
development  8  integration 
methodologies.  Communicate 
effectively  w/  external  8  internal 
customers.  Work  w/  mainframe 
including  COBOL,  IMS,  Assem¬ 
bler,  Easytrieve,  Mark  IV,  JCL 
8  client  server  programming 
technologies  such  as  Visual  Basic 
8  C++.  Must  have  Bachelor's 
degree  in  Computer  Science  or 
related  field.  Educational  8  or 
work  background  must  have 
included  the  above  reference 
skills.  Send  resume:  AFLAC  c/o 
Catherine  H.  Coppedge,  1932 
Wynnton  Road,  Columbus,  GA 
31999. 


Software  Engineers  8  Program¬ 
mers.  Analyze,  design,  develop, 
test  and  implement  specialized 
business  apps.  in  Business 
Objects  Ver  5 1,  Web  Intelligence 
and  related  Business  Objects 
products,  VB  Script,  Oracle  and 
related  RDBMS  and  related 
tools.  US  Workers  only.  Prevailing 
wage  8  benefits.  Travel  to  client 
sites  req'd.  Contact  Evelyn 
Logan,  Sapphire  Consulting,  8 
Orange  St„  Edison,  NJ  08817. 
EOE. 


Programmer  Analysts  (3  Posi¬ 
tions)  to  analyze,  design,  test, 
maintain  and  support  client  server, 
web  applications  using  ASP, 
JavaScript,  VBScript,  HTML, 
DHTML,  COM  etc  under  UNIX 
and  Windows  OS;  design  and 
implement  GUIs  and  relational 
database  management  systems 
using  VB,  Developer  2000,  Oracle, 
MS  Access  and  SQL  Server. 
Require:  B.S.  or  foreign  equival 
with  cone,  in  CS  or  Math  or  any 
branch  of  Engineering  with  2 
yrs  exp  in  the  IT  field.  Highly 
compensated  fulltime  positions. 
Travel/relocation  involved.  Re¬ 
sumes  to  InfoSmart  Technologies, 
Inc.  385  Leatherman  Ct. 
Alpharetta,  GA  30005. 


Computer  Programmers  needed. 
Positions  available  for  qualified 
candidates  possessing  BS  degree 
or  equivalent  and/or  relevant 
work  experience.  Experience 
must  include  2  years  using  ILE 
RPG,  SQL/400  and  CL/400; 
experience  in  Fleet  Assist. 
VTOPS,  QTOPS  applications 
and/or  VB  preferred.  Duties  include: 
Designing,  coding  and  testing 
application  programs:  Perform 
integration,  testing  and 
implementation.  Mail  resume  to 
U.S.  Xpress  Enterprises,  Inc. 
4080  Jenkins  Road,  Chattanooga, 
TN  37421. 


Research  Analyst  Provide  direct 
marketing  research  support  for 
clients;  perform  data  analysis 
functions  working  with  research 
personnel;  perform  quantitative 
and  qualitative  analyses-  prepare 
written  report  of  results;  prepare 
presentations  and  assist  in  com¬ 
municating  research  results  to 
clients;  and  work  closely  with 
Research  Director  on  research 
project  design  and  client  pro¬ 
posals. 

Minimum  requirements  Bachelor's 
degree  in  market  research,  sta¬ 
tistics.  social  sciences  or  related 
field,  plus  one  year  work  or  grad¬ 
uate  experience  using  SAS  or 
SPSS. 

Competitive  salary.  Hours:  8  am 
-  5  pm,  M-F.  Must  have  indefinite 
right  to  work  in  U.S.  Send  resume 
demonstrating  minimum  require¬ 
ments  to: 

Tipton  Bradford,  c/o  ChoicePoint 
AVP-Human  Resources,  1000 
Alderman  Drive,  70-A,  Alpharetta, 
GA  30005 


Senior  Development  Engineer  in 
Denver,  Colorado  (4  positions): 
Lead  Programming  in  C++  (com¬ 
mercial  application  develop¬ 
ment).  Lead  Programming  in 
Java,  XML,  Corba  and  Object 
Oriented  Development.  Devel¬ 
oping  systems  which  are  com¬ 
pliant  with  the  high  performance 
demands  of  the  telecommunica¬ 
tions  sector  using  Oracle,  Informix 
and/or  other  SQL-MP  database 
engines.  Systems  integration 
in  a  LAN/WAN  environment  in 
order  to  deliver  robust  solutions 
in  a  multi-node  distributed  envi¬ 
ronment.  Provide  senior  techni¬ 
cal  guidance  to  team  members 
and  other  employees  as  required. 
Requirements:  Master's  degree 
or  foreign  equivalent,  or  equivalent 
combination  of  education  and 
experience  in  Computer  Science, 
Engineering  or  a  related  field. 
Must  have  proof  of  legal  authority 
to  work  in  the  United  States. 
Salary:  $71,400  annually  for  40- 
hour  workweek.  Application  is  by 
resume  only;  please  send  re¬ 
sume  to:  Employment  Programs, 
P.O.  Box  46547,  Denver,  CO 
80202.  Refer  to  Job  Order  No.: 
CO5024455 


Sr.  Software  Engineers  in  Con¬ 
cord,  MA  to  design,  develop,  test 
and  maintain  ASIC-based  soft¬ 
ware  systems  for  creating  en¬ 
terprise  networks  using  C/C++ 
programming,  IP/ATM/SNMP 
and  related  networking  and 
routing  technologies  and  proto¬ 
cols  in  embedded  and  PSOS 
real-time  operating  systems; 
secure  networking  protocol 
stacks  using  RFC  guidelines, 
CLI,  web  and  SNMP  interface 
mechanisms,  remote  source 
code  management  and  network 
performance  analysis  using 
SMARTBITS  traffic  generators 
and  related  tools.  MS  in  Comp. 
Sc.  or  Engg.  plus  3  yrs.  exp.  as 
Software  Engineer  or  Developer. 
BS  in  Eng.  or  Comp.  Sc.  plus  5 
yrs.  progressive  post-graduate 
exp.  acceptable  in  lieu  of  MS  for 
some  positions.  Contact:  Donna 
Russello,  Avaya  Inc.,  211  Mt. 
Airy  Road,  Room  2C736, 
Basking  Ridge,  NJ  07920. 


Senior  Database  Administrator 
Job  Code  SDA:  DB2  UDB  Data¬ 
base  Admin,  using  IBM  DB2  UDB 
EE  V7.2  (fixpak6)  on  RS/6000 
boxes  running  AIX4.3.3  and 
AIX5L.  Develop  standards  for 
UDB  Databases  (install,  resource 
planning,  security  model,  initial 
config.,  physical  design,  back¬ 
up/recovery,  admin.,  monitoring  8 
troubleshooting  using  stack  trace- 
back  files);  develop  stds  8  specs, 
for  appln.  tuning;  SYBASE  to  DB2 
conversion;  maintain  client/serv¬ 
er  environment;  8  systems  sup¬ 
port.  Requires  BS  in  Software 
Eng.  +  1  yr.  exp.  +  Certification  in 
DB2UDBV7.1  Database  Admin¬ 
istration. 

We  offer  competitive  salaries. 
Apply  with  Job  Code  to  Open 
Systems,  Inc.,  4005  Windward 
Plaza.  Suite  550,  Alpharetta,  GA 
30005  with  proof  of  work  auth. 
from  INS. 
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Opportunity  Employer 


ready  to  experience 

variety  of  leadership  opportunities  in  IT 
workplace  that  celebrates  diversity 

compensation  that  rewards  performance 


experience 

managing  network  operations  team 
resolving  UNIX  problems 
>  working  lots  of  overtime  with  little  reward 


STATE  FARM 


INSURANCE 


Get  there  with  State  Farm. 

Come  to  work  on  one  of  the  world's  largest 
computer  networks.  And  see  your  hard  work 
pay  off- in  your  salary  and  benefits.  Plus,  take 
advantage  of  opportunities  to  manage  friendly 
people  from  a  wide  variety  of  backgrounds. 
These  are  just  a  few  of  the  reasons  we  rank 
#2  in  Computerworld' s  "Best  Places  to  Work." 


more  information,  visit  statefarm.com* 
ail  jobopps.corpsouth@statefarm.com 


It’s  like  having 

the  i nsi de  track  on 

all  the  hottest  tech  jobs, 

all  the  time. 


! 

The  hottest  job  leads  you  can’t 
find  anywhere  else  are  all  right 
here.  That’s  because  Dice  is  all 
tech  jobs,  all  the  time.  Get  the 
inside  track  on  the  best  tech 
jobs.  Go  to  dice.com  today. 


©  2002  Dice.com 


Staff  Consultant 

As  part  of  a  project  team,  you  will  perform  application 
software  implementation  for  small  to  large-scale 
PeopleSoft  implementation  projects  by  applying 
PeopleSoft  techniques,  methods,  processes  and 
functional  modules.  Program,  test,  document  and 
implement  systems  and/or  software.  Analyze  and 
develop  solutions  that  benefit  our  customers’  business 
requirements.  Document  the  completion  of  project 
assignments  and  identify  implementation  issues  in  a 
clear,  efficient  manner.  Position  reports  to  PeopleSoft's 
Philadelphia  office.  Travel  frequently  to  various  locations. 

Requires  a  BA  in  Computer  Science  or  a  related 
field,  and  3  years  of  experience  as  a  Staff  Consultant 
or  in  application  software  implementation.  At  least 
1  year  of  consulting  experience  is  also  necessary. 

For  consideration,  please  send  your  resume  to: 

PeopleSoft 

Attn:  Human  Resources  Manager 
2377  Gold  Meadow  Way,  Suite  110 
Gold  River,  CA  95670 
fax:  916-631-1515 

We  support  workforce  diversity. 

Visit  our  website  at: 

www.peoplesoft.com 


CUSTOMERS  •  EMPLOYEES  •  SUPPUERS 

People  power  the  internet.- 
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dai.  v  arrier.That  would  be  a  nightmare.” 

Customers  are  being  advised  to  sit  tight  and  moni¬ 
tor  service  levels  before  doing  anything  rash. Those 
who  can,  should  distribute  traffic  among  other 
providers.  Analysts  also  suggest  that  businesses  sign¬ 
ing  new  contracts  should  consider  shorter-term  com¬ 
mitments  that  will  give  them  an  out  if  service  levels 
take  a  turn  for  the  worse. 

They  add  the  caveat  that  shorter  contracts  will  be 
more  costly  A  one-year  contract,  for  example,  could 
cost  20%  more  than  a  three-year  contract.  Contracts 
less  than  a  year  will  provide  a  month-to-month  out 
but  boost  costs  another  20%,  analyst  say 

Gartner  suggests  businesses  sign  contract  exten¬ 
sions  of  longer  than  six  months  to  avoid  higher 
month-to-month  pricing,  but  take  advantage  of  spe¬ 
cial  deals, such  as  WorldCom’s  Customer  Satisfaction 
and  Loyalty  Program,  which  provide  a  limited-time 
offer  of  renewal  incentives,  including  a  low-risk,  six- 
month  extension. 

Reliance  levels  vary 

How  company’s  react  to  the  WorldCom  bankruptcy 
will,  of  course,  depend  on  how  heavily  they  rely  on 
WorldCom’s  varied  services.  WorldCom  offers  a  full 
range  of  data  network  services  —  including  frame 
relay, VPN  and  Internet  —  the  usual  portfolio  of  corporate 
voice  services,  and  hosting  services  through  Digex.  Digex  is 
maintained  as  a  separate  public  company  and  was  not  list¬ 
ed  in  WorldCom’s  bankruptcy  filing.  WorldCom  says  it  is 
committed  to  continued  funding  of  the  managed  hosting 
provider.  Nonetheless,  there  is  customer  concern. 

A  director  of  e-business  strategy  at  a  large  capital  goods 
manufacturer  says  his  company  is  reviewing  options 
because  its  contract  with  Digex  will  come  due  next  year. 
“This  industry  changes  rapidly,  so  even  before  the 
WorldCom  announcement  we  were  verifying  where  we’re 
at,  what  we’re  doing  and  the  service  levels,”  he  says.  “The 
WorldCom  situation  didn’t  cause  us  to  do  anything  differ¬ 
ent,  but  it  did  bring  more  awareness  to  the  fact  that  you 
need  to  be  careful.  It’s  not  just  Digex,  it’s  any  company 
you’re  looking  at  —  you  need  to  have  business  continuity 
and  back-up  plans.” 

Few  customers  and  industry  analysts  expect  WorldCom’s 
network  to  go  dark.The  company  does,  after  all,  have  $107 
billion  in  assets;  a  fact  that  analysts  say  distinguishes 
WorldCom  from  others  such  as  Enron.  Further,  the  Federal 
Communications  Commission  requires  a  minimum  of  31 
days'  notice  before  any  services  are  turned  off. 

The  biggest  concern  is  that  customer  service  and  net¬ 
work  performance  will  suffer  as  WorldCom  focuses  on  its 
balance  sheet.  The  carrier  announced  it  would  lay  off 
17,000  employees,  about  28%  of  its  workforce,  even  before 


Customer  checklist 

Things  to  consider  following  WorldCom's  bankruptcy  filing; 

Double  up:  Make  sure  you  have  a  second  carrier  handling  at 
least  some  of  your  traffic.  Setting  up  contingency  plans  can 
take  as  long  as  two  months. 

All  bets  are  off:  Contract  "out  clauses”  in  case  of  bankruptcy 
are  trumped  by  bankruptcy  law,  according  to  Hank  Levine,  an 
expert  in  telecom  contract  negotiations.  Now  that  WorldCom 
is  in  bankruptcy,  its  creditors  will  be  loathe  to  let  customers 
go.  An  abrupt  termination  could  cost  you  millions  of  dollars. 

Deal  smart:  You  can  negotiate  clauses  in  new  contracts  that 
give  you  rights  when  the  carrier’s  condition  deteriorates,  Levine 
says,  such  as  allowing  you  to  hire  the  carrier's  employees. 
Other  types  of  clauses  will  give  you  flexibility  to  move  should 
the  provider's  credit  rating  plummet. 

\/  Deal  short:  If  you  can  handle  the  extra  cost  that  short-term 
contracts  carry,  it's  best  now  to  go  with  shorter  commitments 
while  the  market  shakes  itself  out. 

s/  Seize  the  moment:  Now  may  be  a  good  time  to  sign  a 
contract  with  WorldCom  because  an  agreement  made  after 
a  bankruptcy  filing  typically  gets  preference,  Levine  says. 


it  revealed  its  $3.8  billion  accounting  debacle  last  month. 

“The  layoffs  certainly  are  not  going  to  help  customer  ser¬ 
vice,  but  I  don’t  think  we’re  going  to  see  a  dramatic 
change,”  says  Steven  Harris,  research  manager  of  ISP  mar¬ 
kets,  business  network  services  and  IP  VPNs  at  IDC. 
“Predictions  that  their  service  is  going  to  be  just  awful  are 
likely  exaggerated.” 

Providian  Financial  in  San  Francisco  says  it  has  concerns 
about  service  levels  going  forward,  but  has  yet  to  see  any 
degradation.lt  gets  voice,  data,  paging  and  Web  hosting  ser¬ 
vices  from  WorldCom. 

“We  expect  WorldCom  to  live  up  to  the  contract  and 
their  commitment  to  provide  us  good  service,  and  they’re 
doing  that  now,”  a  spokeswoman  says.  She  adds  that 
Providian  contracts  with  multiple  carriers,  including 
AT&T  and  Pacific  Bell, and  is  not  actively  looking  for  alter¬ 
native  carriers. 

Uncle  Sam  watching  carefully 

The  U.S.  Department  of  Defense,  which  this  spring 
awarded  WorldCom  a  10-year  networking  contract,  care¬ 
fully  monitors  service  levels  and  has  clearly  delineated 
performance  obligations.  Those  contractual  obligations 
are  still  valid  and  the  Defense  Department  “anticipates  no 
interruptions  in  service,”  a  spokeswoman  says. 

Should  service  deteriorate  beyond  agreed-upon  levels, 
though,  the  agency  could  take  recourse.  “Each  contract 
contains  remedies  for  a  contractor’s  failure  to 
perform.  These  contractual  remedies  include 
the  ability  to  recover  liquidated  or  actual  dam¬ 
ages,  collect  monetary  credits  for  service  out¬ 
ages,  and  in  severe  cases,  give  [the  Defense 
Information  Systems  Network]  the  ability  to 
terminate  the  contracts  for  default  or  cause,” 
the  spokeswoman  says. 

Analysts  don’t  expect  a  mass  exodus  from 
WorldCom  in  the  near  term  because  most  cus¬ 
tomers  have  two-  or  three-year  contracts.  As 
contracts  expire,  though,  customers  likely  will 
look  elsewhere. 

“Make  sure  those  providers  aren’t  facing  the 
same  problems  WorldCom  is,”  advises  Kate 
Gerwig, principal  analyst  of  network  services  at 
Current  Analysis. “The  accounting  ripple  effect 
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probably  isn’t  at  an  end.” 

In  a  report  on  the  bankruptcy,  Gerwig  notes  that  the 
U.S.  government,  one  of  WorldCom’s  biggest  cus¬ 
tomers,  “has  already  taken  steps  to  ensure  that  no 
new  contracts  are  signed  with  WorldCom.” 

The  New  Jersey  Department  of  Transportation  ear¬ 
lier  this  month  terminated  its  contract  with 
WorldCom,  which  ran  its  EZ-Pass  toll  collection  sys¬ 
tem.  A  spokesman  says  the  department  instead 
hired  a  contractor  that  specializes  in  toll  collection 
systems,  but  WorldCom’s  financial  problems  “cer¬ 
tainly  didn’t  help.” 

Others,  however,  are  sticking  it  out.  Supplemental 
insurance  company  AFLAC  in  Columbus,  Ga., says  it 
will  stay  with  WorldCom  as  long  as  service  levels 
meet  expectations. 

AT&T  and  Sprint  say  they  are  seeing  an  uptick  in 
inquiries  from  customers  investigating  options. 

The  trouble  for  business  users  is  there  are  few 
stable  providers  left  from  which  to  choose.  Just 
last  week,  AT&T  announced  a  $12  billion  quarter¬ 
ly  loss,  most  of  which  was  attributed  to  one-time 
charges  for  its  cable  division.  Qwest  also  has  been 
facing  financial  trouble  and  a  Securities  and 
Exchange  Commission  investigation  over  ac¬ 
counting  practices. 

Analysts  expect  all  this  financial  turmoil  to  lead  to 
industry  consolidation,  and  that  may  be  coming  to 
fruition  with  last  week’s  bid  by  Level  3  Communi¬ 
cations  to  buy  Williams  Communications. 

“The  chaos  may  not  be  over,  but  hopefully  any  further 
consolidation  is  orderly  and  progressive  and  some  order 
and  stability  is  restored, especially  among  the  bigger  play¬ 
ers,”  National’s  Seif  says.  “The  problem  is  that  this  indus¬ 
try’s  culture  is  historically  a  bit  slow  moving  and  may  not 
be  able  to  act  fast  enough  to  prevent  further  bleeding 
before  a  turnaround.” 

Ripple  effect? 

One  unknown  is  if  WorldCom’s  woes  will  ripple  through¬ 
out  the  industry.  The  hundreds  of  carriers  that  exchange 
traffic  with  WorldCom  and  WorldCom  equipment  suppli¬ 
ers  will  have  trouble  collecting  payments  and  debts. 

“WorldCom’s  payments  to  [regional  Bell  operating  com¬ 
panies]  that  terminate  their  customer  circuits  will  have 
highest  priority”  says  Shing  Yin,  a  senior  analyst  at 
telecommunications  research  firm  RHK.  “If  RBOCs  lose 
confidence  in  being  able  to  collect  payments  from 
WorldCom,  they  may  shut  off  the  last-mile  circuit,  effec¬ 
tively  putting  the  customer  out  of  WorldCom’s  reach. 
Equipment  vendors  will  likely  have  lower  priority  in 
terms  of  getting  paid.” 

That  means  customers  can  expect  WorldCom  to  hold 
back  on  expansion  efforts  or  the  introduction  of  new  ser¬ 
vices,  analysts  say.  At  the  same  time,  though,  current  per¬ 
formance  shouldn’t  be  impaired.  Keynote  Systems,  a 
company  that  tracks  Internet  performance  from  50  cities, 
says  Internet  performance  has  not  taken  a  hit  since 
WorldCom,  the  largest  carrier  of  IP  traffic  in  the  country, 
filed  for  bankruptcy  protection. 

Another  question  is  what  WorldCom  will  look  like  once 
it  emerges  from  Chapter  1 1  .WorldCom  has  said  it  plans  to 
sell  off  some  assets,  such  as  its  wireless  business  and  its 
South  American  operations,  but  retain  MCI  and  UUNET. 
Most  analysts  expect  WorldCom’s  U.S.  operations  to  stay 
largely  intact. 

Still, customers  should  remain  vigilant.Things  we  always 
assumed  were  true,  like  telephone  companies  don’t  go 
bankrupt,  are  not  true.  So  people  have  to  take  steps,”  says 
Hank  Levine,  a  partner  in  Levine,  Blaszak,  Block  and 
Boothbya  firm  specializ-  M  ^  iirirwtiM  M,ifl, 
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WorldCom  could  take  different  pat 

Experts  see  three  possible  scenarios  for  company  in  wake  of  Chapter  11  filing. 


■  BY  MICHAEL  MARTIN 

WorldCom  CEO  John  Sidgmore 
says  customers  should  look  for 
his  company  to  emerge  from 
bankruptcy  in  about  a  year. 

What  might  that  company  look 
like  then? 

Industry  experts  paint  three  pos¬ 
sible  scenarios:  WorldCom  could 
emerge  as  a  reorganized  inde¬ 
pendent  company;  be  acquired 
lock,  stock  and  barrel;  or  be  sold 
off  in  pieces. 

Each  possibility  carries  different 
ramifications  for  WorldCom’s 
business  customers. 

Sidgmore  told  reporters  last 
week  that  the  carrier  will  emerge 


from  bankruptcy  in  nine  to  12 
months,  but  that  might  be  a  bit 
optimistic,  says  Hank  Levine,  a 
partner  in  Levine,  Blaszak,  Block 
and  Boothby  a  firm  specializing 
in  telecom  contract  negotiations. 
He  says  a  year  to  18  months  might 
be  more  realistic. 

The  outcome  that  would  have 
the  least  effect  on  customers 
would  be  a  leaner,  meaner  World¬ 
Com  emerging  from  bankruptcy 
with  all  its  business  units  intact. 
The  only  question  then,  Levine 
says,  is  whether  the  carrier  could 
maintain  the  customer  service 
levels  it  did  before  bankruptcy 

WorldCom’s  customer  service 
levels  likely  will  slide  gradually, 


Levine  says,  as  the  company 
makes  the  17,000  job  cuts  it 
announced  in  June. 

Pat  Brogan,  assistant  director 
of  research  for  investment  re¬ 
search  firm  Precursor  Group, 
says  this  is  the  likeliest  of  the 
three  scenarios. 

“We  expect  them  to  come  out 
of  bankruptcy,  and  we  expect 
them  to  come  out  with  all  of  their 
significant  pieces,”  he  says. 

WorldCom’s  creditors  want  to 
get  as  much  value  as  possible  out 
of  the  company  and  need  to  keep 
the  main  pieces  —  especially 
UUNET  —  intact  to  make  World¬ 
Com  an  efficient  competitor  in 
the  business  telecom  market, 


Brogan  says. 

The  second  possible  outcome 
would  see  significant  portions  of 
WorldCom  sold  off  to  competi¬ 
tors.  This  is  the  result  that  could 
be  most  disruptive  for  customers, 
according  to  Levine. 

Customers  that  were  used  to 
dealing  with  one  vendor  for  a 
variety  of  communications  needs 
would  possibly  have  to  deal  with 
several,  he  says. 

The  third  possible  outcome 
would  involve  WorldCom  being 
sold  off  as  a  whole  company  This 
wouldn’t  inconvenience  cus¬ 
tomers  too  much,  Levine  says, 
unless  the  buyer  happened  to  be 
someone  with  which  WorldCom 
customers  didn’t  want  to  do  busi¬ 
ness.  For  instance,  if  WorldCom 
were  purchased  by  a  group  of 
investors  led  by  a  bank,  compet¬ 
ing  banks  that  were  WorldCom 
customers  likely  wouldn’t  be 
eager  to  remain  with  WorldCom. 

IDT,  a  national  telecom  provider, 
has  put  in  a  $5  billion  bid  for 
WorldCom’s  MCI  consumer  and 
small  business  unit,  along  with 
WorldCom’s  Brooks  and  MFS 
Communications  fiber  units. 
Levine  says  the  IDT  offer  is  too 
low  and  won’t  be  considered 
seriously  He  expects  more  seri¬ 
ous  offers  will  be  several  months 
in  coming. 

In  the  telecom  market,  there 
aren’t  many  potential  buyers  for 
all  of  WorldCom.Three  of  the  four 
regional  Bell  operating  compa¬ 
nies  —  Verizon,  SBC  and  Bell¬ 
South  —  are  considered  the 
most  likely  candidates  for  a  com¬ 
plete  takeover. 

The  fourth  RBOC,  Qwest,  isn’t 
considered  a  likely  suitor  be¬ 
cause  the  company  has  its  own 
serious  financial  problems  and 
already  has  a  national  data  net¬ 
work  in  place. 

Michael  Powell, chairman  of  the 
Federal  Communications  Com¬ 
mission,  has  stated  that  the  FCC 
might  be  willing  to  support  an 
RBOC  takeover  of  WorldCom.  But 
the  three  potential  RBOC  buyers 
|  are  already  heavily  laden  with 
|  debt  and  might  not  want  to  take 
on  more. 

Also,  under  the  Telecommuni¬ 
cations  Act  of  1996,  the  RBOCs 
can’t  offer  long-distance  ser- 
'  vices  in  states  where  they  are  the 
|  incumbent  local  providers  until 
they  have  proven  to  the  FCC  that 
there  is  competition  in  those 
states.  That  would  mean  if  Bell- 


The  choice  pieces 

If  bankruptcy  forces 
WorldCom  to  be  sold  off 
piecemeal,  as  some  pre¬ 
dict,  here  are  the  parts 
most  likely  to  be  coveted: 

UUNET:  the  largest  provider 
of  Internet  services  in  the  U.S. 

MCI:  provides  local  and  long¬ 
distance  voice  services  to 
thousands  of  U.S.  consumers 
and  businesses. 

Brooks  Fiber:  a  facilities- 
based  provider  of  telecom 
services  to  business, 
government  and  consumers 
in  more  than  50  markets. 

MFS  Communications:  a 

facilities-based  provider  of 
telecom  services  to  business 
and  government. 

South  bought  WorldCom,  it  might 
have  to  release  all  WorldCom  cus¬ 
tomers  in,  for  example,  Florida. 

However,  all  three  RBOCs  have 
made  progress  in  getting  long-dis¬ 
tance  approvals  in  their  local 
states  and  might  have  the  ap¬ 
provals  process  finished  by  the 
time  WorldCom’s  bankruptcy 
winds  up. 

But  even  if  the  RBOCs  do  bid  on 
WorldCom,  it  might  not  be  some¬ 
thing  companies  want. 

“What  comfort  would  that  give 
to  a  customer?”  asks  Lisa  Pierce, 
an  analyst  with  Giga  Information 
Group  and  a  Network  World 
columnist. 

“No  one  walks  up  to  me  and 
says  they  love  their  RBOC,” 
Pierce  adds. 

Ovum  isn’t  forecasting  a  rosy 
future  for  WorldCom.  In  a  recent 
research  note,  Ovum  says  World¬ 
Com  is  likely  too  large  to  be  sold 
as  a  complete  entity  and  proba¬ 
bly  will  be  broken  up. 

Even  then,  Ovum  says  any 
potential  buyers  will  wait  until 
making  bids  for  WorldCom  to 
drive  down  the  purchase  price. 

Until  WorldCom’s  bankruptcy 
is  resolved,  customers  might  not 
see  much  in  the  way  of  new  ser¬ 
vices,  Pierce  says. 

WorldCom  won’t  have  much 
money  to  launch  services,  she 
says,  and  the  carrier’s  attention 
will  be  focused  mostly  on  the 
bankruptcy  proceedings, she  says. 

“The  best-case  scenario  is  th.tr 
they  maintain  the  status  quo,” 
Pierce  says.  ■ 


Will  Genuity  be  next  to  fall? 


■  BY  JENNIFER  MEARS 

WOBURN,  MASS. — Verizon  has  announced  it  will 
not  reintegrate  struggling  Genuity  into  its  business, 
a  move  that  could  effectively  push  the  IP  network 
services  company  into  bankruptcy,  analysts  say. 

The  news  last  week  dealt  another  blow  to  the 
already-troubled  telecommunications  sector  that 
has  seen  a  string  of  bankruptcies,  the  most  recent 
being  industry  giant  WorldCom. Verizon  pointed  to 
a  number  of  reasons  behind  its  decision,  including 
market  conditions  and  business  needs. 

“We’ve  had  a  process  under  way 
for  some  time  to  assess  the  reinte¬ 
gration  of  Genuity  into  Verizon.  We 
took  into  account  market  condi¬ 
tions,  and,  yes,  that  includes  the 
shakeout  that’s  currently  under  way 
in  the  telecom  industry,  as  well  as 
the  strategic  needs  of  Verizon  and 
the  interests  of  our  shareholders 
going  forward,” says  Bob  Varettoni.a 
Verizon  spokesman. 

GTE  and  Bell  Atlantic  merged  to 
form  Verizon  in  July  2000.  As  a  con¬ 
dition  of  that  merger,  the  Federal 
Communications  Commission  re¬ 
quired  GTE  to  spin  off  GTE  Internetworking,  which 
became  known  as  Genuity.  GTE  also  was  given  the 
right  to  convert  its  shares  into  a  controlling  interest 
in  Genuity  once  it  met  certain  conditions. 

In  its  announcement  last  week,  Verizon  said  it 
gave  up  its  right  to  take  control  of  Genuity.  It  also 
said  that  it  is  no  longer  obligated  to  make  further 
loans  to  Genuity.  As  a  result,  Genuity  said  that  it  is 
now  in  default  in  its  credit  agreements  with  Verizon 
and  a  consortium  of  banks. 

“Verizon’s  decision  to  cancel  its  option  to  inte¬ 
grate  Genuity  and  its  credit  agreement  was  unex¬ 
pected  and  a  disappointment  to  us,”  says  Paul 
Gudonis,CEO  of  Genuity 

Earlier  in  the  week, Genuity  sought  access  to  $850 
million  remaining  on  a  $2  billion  line  of  credit 


extended  through  a  global  consortium  of  banks 
in  September  2000.  It  received  about  $723  million, 
with  eight  of  nine  banks  fulfilling  their  obliga¬ 
tions,  giving  Genuity  about  $1.3  billion  cash  on 
hand.  Deutsche  Bank  was  the  only  member  of  the 
consortium  not  to  grant  funds,  resulting  in  a  law¬ 
suit  by  Genuity. 

Genuity  now  has  about  $3  billion  in  debt,  $1.15  bil¬ 
lion  of  which  is  due  to  Verizon. 

Courtney  Quinn,  a  senior  analyst  at  The  Yankee 
Group,  says  a  bankruptcy  filing  for  Genuity  is  a  “defi¬ 
nite  possibility  Conventional  wisdom  indicates  that 


1 1  We  will  evaluate  all  of  our 
options,  which  could  include 
seeking  another  strategic 
partner  or  restructuring  our 
operating  plan.  1 9 

Paul  Gudonis 

Genuity  CEO 


the  only  way  out  of  this  is  a  bankruptcy!’ 

A  Genuity  spokesman  says  the  company  is  re¬ 
viewing  its  options,  which  could  include  bankruptcy, 
but  says  Verizon  still  is  committed  to  Genuity’s  busi¬ 
ness.  Verizon  says  it  will  honor  a  five-year,  $500  mil¬ 
lion  commitment  to  purchase  services  and  will 
continue  to  resell  Genuity’s  IP  networking  services, 
including  working  together  to  provide  voice  over 
IP  Genuity  also  is  in  talks  with  the  banks  to  review 
the  effect  of  the  decision,  and  Verizon  has  said  that 
it  will  be  supportive  of  those  efforts. 

“Now  that  Verizon  has  elected  not  to  reintegrate 
Genuity  we  will  evaluate  all  of  our  options,  which 
could  include  seeking  another  strategic  partner  or 
restructuring  our  operating  plan  while  we  address 
this  situation,”  Gudonis  says.  ■ 
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which  will  stretch  over  the  next 
three  to  four  years,  is  long  on  posi¬ 
tioning  and  challenges,  and  short 
on  products. 

Microsoft  has  delivered  the 
tools  to  build  Web  services  appli¬ 
cations  but  not  a  competent  plat¬ 
form  on  which  to  deploy.  Micro¬ 
soft  rivals  IBM,  Sun  and  others 
also  are  scrambling  to  unite  Web 
services  tools  and  platforms. 

“It’s  classic  Microsoft  —  they 
build  the  development  tools  and 
the  language,  and  then  they 
come  around  and  back-fill  every¬ 
thing  else,”  says  John  Studdard, 
CTO  for  Virtual  Bank  in  Palm 
Beach  Gardens,  Fla.  “We  have 


been  anxiously  awaiting  the 
news  that  they  are  finally  rolling 
up  their  sleeves  and  getting  under 
the  hood  of  .Net.” 

Studdard,  who  has  used  Micro¬ 
soft’s  BizTalk  Server, an  XML  trans¬ 
formation  engine,  to  support  a 
collection  of  .Net  applications, 
has  been  tweaking  the  server 
with  his  own  code. 

“BizTalk  and  .Net;  that  whole 
marriage  is  still  vaporware,”  Stud¬ 
dard  says.  “We  haven’t  been  able 
to  deploy  the  back-end  servers 
the  way  we  want  to  because  to 
support  .Net  they  use  a  hodge¬ 
podge  of  tool  kits.” 

In  June  2000,  Microsoft  unveiled 
.Net,  but  beyond  the  release  of 
Visual  Studio.Net  and  the  compa¬ 
ny’s  participation  in  creating  XML 


Microsoft’s  licensing  program 
kicks  off;  jury  out  on  impact 


More  than  a  year  after  network  executives  were  blindsided 
by  Microsoft’s  announcement  that  it  would  change  its 
volume  licensing  program,  the  deadline  to  enroll  will  pass 
this  week,  but  it  might  take  up  to  six  months  to  see  exactly  how 
corporations  reacted. 

No  issue  has  raised  the  hackles  of  Microsoft  customers  like 
Licensing  6.0,  which  was  announced  in  May  2001  but  delayed 
twice  by  an  outpouring  of  anger  from  users.  The  plan  has  met 
with  resistance  because  firms  have  to  pay  a  hefty  fee  to  enroll. 

"We  were  looking  at  $170,000  to  upgrade  from  Office  97  to  XP 
and  $70,000  a  year  for  software  maintenance,"  says  Cam  Scott, 
client  support  analyst  for  the  city  of  Nanaimo  in  British 
Columbia.  “We  said  thank  you,  Mr.  Gates,  and  goodbye.” 

Scott  is  transitioning  all  his  desktops  to  Sun’s  StarOffice, 
which  amounts  to  $70  per  user  for  his  nearly  400  users  and 
$6,500  per  year  for  maintenance. 

Scott  also  is  in  a  holding  pattern  with  his  Exchange  5.5  mail 
server  and  Windows  2000  desktops  as  the  city  decides  what  to 
do  with  that  software.  “We’re  looking  at  Sun  for  e-mail  and  we’ll 
probably  just  ride  out  Windows  2000  on  the  desktop  without 
going  to  the  new  licensing  program,"  he  says. 

In  a  recent  survey  of  1,400  IT  executives  worldwide  conducted 
by  Information  Technology  Intelligence  and  Sunbelt  Software, 
90%  of  Microsoft  customers  said  they  believe  their  licensing 
costs  will  rise  under  Licensing  6.0.  Some  users  and  analysts 
have  reported  that  those  increases  could  go  as  high  as  100%. 

Microsoft  says  upwards  of  80%  of  customers  will  see  a  de¬ 
crease  or  no  change  at  all  in  their  licensing  costs.  The  company 
says  the  remaining  20%  might  be  best  served  by  staying  on  the 
software  they  now  have  deployed. 

"If  Microsoft  gets  a  25%  uptake  with  6.0  that  would  be  consid¬ 
ered  good,”  says  Laura  DiDio,  an  analyst  with  The  Yankee  Group. 
•  “But  we  will  have  to  wait  one  or  two  quarters  of  financial  re- 
1  i  ts  to  see  how  well  Microsoft  has  done  with  this  program." 

I  he  new  Licensing  6.0  requires  users  to  have  upgrade  rights  to 
,  rent  software,  and  the  Software  Assurance  maintenance 
1  ,  am  replaces  all  of  Microsoft’s  current  upgrade  programs. 

(  1  i  o  for  Software  Assurance,  users  must  be  on  the  most 
•  sion  of  software  and  pay  a  fee  equal  to  29%  of  the 
j;'  i  ■  se  for  applications  and  25%  for  servers. 

■  fuse  Licensing  6.0  and  Software  Assurance  face 
a  hen.  .  my  wren  they  decide  to  upgrade. 

—  John  Fontana 


1 1  We  have  a  lot  of  execution 
still  to  do,  but  our  direction 
[with  .Net]  is  sound. 9  9 

Bill  Gates 

Chief  software  architect,  Microsoft 


specifications,  .Net  remains  a 
loose  connection  of  renamed 
products  and  XML  add-ons. 

During  a  press  and  analyst  brief¬ 
ing  last  week,  Microsoft  execu¬ 
tives  said  they  were  happy  with 
the  foundation  the  company  has 
created  but  admit  there  is  work  to 
be  done  and  mistakes  to  correct. 

“We  have  a  lot  of  execution  still 
to  do,  but  our  direction  is  sound,” 
said  Bill  Gates,  Microsoft’s  chief 
software  architect.  Gates  said  that 
direction  is  to  deliver  software 
that  connects  information,  peo¬ 
ple,  systems  and  devices. 

Gates  admitted  Microsoft  has 
made  missteps  in  the  past  two 
years,  including  a  set  of  services 
called  .Net  My  Services  that  gave 
Microsoft  control  over  user  data. 
Those  services,  such  as  Passport, 
now  are  being  reconstructed. 
Gates  also  said  the  company  has 
made  only  modest  progress  in 
delivering  software  as  a  service, 
such  as  self-updating  features,  in 
providing  rich  XML  data  to 
servers  and  clients.Trust  and  user 
identification  have  become  gaps 
that  must  be  filled  before  .Net  can 
succeed,  he  added. 

“Microsoft  has  made  a  series  of 
incremental  steps  that  collec¬ 
tively  show  it’s  making  progress 
and  that  people  are  using  its  tools 
and  platforms  to  build  .Net  appli¬ 
cations,”  says  Dwight  Davis,  an 
analyst  with  Summit  Strategies. 
“But  there  are  a  lot  of  elements 
needed  to  deliver  the  full  vision 
on  .Net  into  the  future.” 

One  of  the  most  important  is  se¬ 
curity,  especially  a  standard  way 
to  establish  identity  and  trust  for 
users  and  machines. 

Those  capabilities  are  essen¬ 
tial  in  a  Web  services  world 
where  users  and  code  routinely 
cross  corporate  boundaries. 

Microsoft  plans  to  build  an  iden¬ 
tity  and  trust  infrastructure 
around  the  WS-Security  specifica¬ 
tion  it  developed  with  IBM  and 
VeriSign  and  which  is  now  under 
the  guidance  of  the  Organization 
for  the  Advancement  of  Struc¬ 
tured  Information  Standards.  It 
also  has  agreed  to  support  the 
Security  Assertion  Markup  Lang¬ 
uage  (SAML)  standard  for  user 
authentication  and  authorization. 


Microsoft  also  has  begun  an 
ambitious  project  called  Palla¬ 
dium,  a  combination  of  hardware 
and  software  for  asserting  identity 
of  a  machine,  creating  safe  “sand¬ 
boxes”  for  code  execution  and 
securing  access  to  information. 
But  Palladium,  part  of  Microsoft’s 
$100  million  Trustworthy  Com¬ 
puting  initiative,  will  take  a  uni¬ 
fied  industry  effort  to  succeed. 

“Trust  and  identity  are  long¬ 
term  and  difficult  problems  that 
will  take  years  to  solve,”  says 
Dana  Gardner,  an  Aberdeen 
Group  analyst. 

Other  bumps  have  been  prob¬ 
lems  in  delivering  Windows.Net 
Server,  which  has  been  delayed 
twice.  The  server  is  the  first  with 
native  support  of  the  .Net  frame¬ 
work,  .Net’s  run-time  engine. 
Release  is  expected  by  year-end. 

A  few  months  later,  Microsoft 
will  graft  on  TrustBridge,  a  set  of 
components  to  join  user  identi¬ 
ties  between  distinct  Active  Direc¬ 
tory  deployments.  Microsoft  de¬ 
veloped  the  product  after  identity 
became  a  pressing  need  for  Web 
services  deployments.TrustBridge 
also  will  include  support  for  WS- 
Security  But  much  work  remains 
to  solidify  WS-Security  including 
specifications  to  govern  routing, 
policy,  federation  and  reliability 

“We  have  the  base  infrastruc- 
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ture  to  send  an  [XML]  message 
from  Point  A  to  Point  B,  but  now 
we  have  to  make  it  secure,  reli¬ 
able  and  transactional,”  says  Eric 
Rudder,  senior  vice  president  of 
the  developer  and  platform  evan¬ 
gelism  division. 

But  Windows.Net  Server  is  only 
an  incremental  step  toward  the 
full  .Net  platform  that  will  begin 
to  take  shape  with  the  Longhorn 
release  of  the  operating  system, 
which  is  now  more  than  two 
years  out,  according  to  Gates. 

Longhorn  will  include  what 
Gates  calls  his  Holy  Grail:  a  uni¬ 
fied  data  store  technology  that 
lets  users  search  across  the  Wind¬ 
ows  platform,  providing  a  founda¬ 
tion  for  ubiquitous  access  to 
XML-formatted  data  for  Web  ser¬ 
vices  applications. 

The  first  taste  of  that  is  slated  for 
release  in  the  first  half  of  next 
year  with  the  Yukon  version  of 
SQL  Server.  Microsoft’s  Exchange 
collaboration  server,  however, 
won’t  add  Yukon-like  technology 
until  its  Kodiak  release,  likely 
sometime  in  late  2005  or  2006. 

Those  two  servers  along  with 
the  operating  system  would  pull 
together  a  file  system,  a  database 
and  a  store  of  unstructured  col¬ 
laboration  data  into  one  virtual 
data  source  based  on  technology 
similar  to  Yukon. 

Microsoft  also  plans  two  up¬ 
dates  to  Visual  Studio.Net,  one  to 
support  Windows.Net  Server  and 
one  for  Yukon.  Microsoft  also  is 
widening  its  options  for  develop¬ 
ers,  last  week  unveiling  software 
to  link  .Net  with  Oracle  databases 
and  a  partnership  with  Covalent 
Technologies  that  links  .Net  and 
Covalent’s  version  of  the  Apache 
Web  server  (see  story  page  61).  ■ 
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Microsoft  .Net  comes  to  Apache  for  a  price 


■  BY  MATT  BERGER 

SAN  DIEGO  —  Covalent  Technologies, 
which  sells  software  that  sits  on  top  of  the 
popular  free  Apache  Web  server,  last  week 
announced  a  new  version  of  its  product 
that  lets  developers  use  Microsoft’s  .Net 
programming  tools  to  write  Web  applica¬ 
tions  that  run  on  Apache. 

The  company  released  its  Enterprise 
Ready  Server,  which  is  based  on  Version  2.0 
of  Apache,  and  comes  with  new  support 
for  Microsoft’s  ASPNet  (Active  Server 
Pages)  development  platform. 

Previously,  ASPNet  applications  could 
only  run  on  Microsoft’s  Internet  Infor¬ 
mation  Server  (IIS),  a  competitor  to 
Apache.  As  a  result.  Covalent  says,  major 
Apache  users,  such  as  Morgan  Stanley 

IfcThis  is  just  another 
example  of  how  Microsoft  is 
working  with  other  applica¬ 
tion  vendors  to  make  .Net 
interoperable . . .  11 


open  source  project. 

The  added  support  for  Apache  comes 
one  day  after  Microsoft  announced  that  it 
would  extend  its  .Net  platform  to  better 


work  with  database  software  from  Oracle. 

“This  is  just  another  example  of  how 
Microsoft  is  working  with  other  applica¬ 
tion  vendors  to  make  .Net  interoperable 


with  other  platforms,”  Zemlin  says. 

Berger  is  a  correspondent  with  the  IDG 
News  Service  s  San  Francisco  bureau. 
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Dean  Witter  &  Co.  and  Bear  Stearns  &  Co., 
have  used  both  IIS  and  Apache  to  accom¬ 
modate  various  Web  applications  designed 
inside  their  organizations. 

“They  can  now  consolidate  their  appli¬ 
cations  on  a  single  platform,”  says  Jim 
Zemlin,  vice  president  of  marketing  at 
Covalent.  Customers  also  will  be  able  to 
write  applications  for  Apache  2.0  using 
Microsoft's  Visual  Studio  .Net  develop¬ 
ment  tools. 

Apache  is  the  most  widely  used  Web 
server,  according  to  a  survey  from  Net- 
craft.  Many  users  choose  the  technology 
over  IIS  because  of  its  better  track  record 
with  reliability  and  security,  according  to 
Stacey  Quandt,  an  analyst  with  Giga 
Information  Group. 

With  help  from  Microsoft,  Covalent  says 
it  developed  a  module  for  its  Enterprise 
Ready  Server  that  would  let  ASPNet  appli¬ 
cations  run  on  Apache  2.0.  However,  orga¬ 
nizations  that  use  the  freely  available  Web 
server  won’t  be  able  to  run  ASPNet  appli¬ 
cations  unless  they  purchase  Covalent’s 
software.  Zemlin  says  the  company  does¬ 
n’t  plan  to  release  an  open  source  version 
of  its  .Net  module. 

Brian  Behlendorf,  president  of  the 
Apache  Software  Foundation  and  one  of 
the  original  authors  of  the  technology  says 
Covalent’s  work  adding  support  for  ASPnet 
applications  bodes  well  for  Apache,  even  if 
the  software  is  not  free  to  Apache  users.  He 
notes  that  Covalent  employs  a  number  of 
developers  that  contribute  to  the  Apache 
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BackSpin 


Mark  Gibbs 


Breaking  Windows 


i 


was  intrigued  to  read  recently 
that  Wal-Mart  is  going  to  sell  a 
new  budget  PC  line. The  hard¬ 
ware,  made  by  Microtel,  ranges  from 
a  $300  machine  powered  by  an  850- 
MHz  AMD  processor  to  a  $600  box 
with  a  1.8-GHz  Intel  Pentium  4  processor.  While  those 
might  seem  to  be  great  prices,  the  thing  that  makes  it 
possible  is  that  the  machines  don’t  have  Windows 
preinstalled. What  they  offer  instead  is  LindowsOS. 

LindowsOS,  from  Lindows.com  (www.lindows. 
com)  is  a  heady  combination  of  Linux  and  Wine. 

Wine,  according  to  Wine  Development  HQ  (www. 
winehq.com/about/),  is  “an  implementation  of  the 
Windows  Win32  and  Win  16  APIs  on  top  of  X  and 
Unix.Think  of  Wine  as  a  Windows  compatibility 
layer.  Wine  provides  both  a  development  tool  kit 
(Winelib)  for  porting  Windows  sources  to  Unix  and 
a  program  loader,  allowing  many  unmodified 
Windows  3 . x/95/98/M E7 NT/2000/XP  binaries  to  run 
under  Intel  Unixes.Wine  works  on  most  popular 
Intel  Unixes,  including  Linux,  FreeBSD  and  Solaris.” 

LindowsOS  supports  most  Windows  applications 
with  the  exception  of  games  —  that  is  to  say,  it  won’t 
run  any  application  that  requires  DirectX. What  the 
Lindows  folks  did  to  improve  on  Wine  was  to  focus 
on  supporting  applications  rather  than  knocking  off 
support  for  each  Windows  API. 


This,  I  am  told  by  John  Bromhead.vice  president  of 
marketing  for  Lindows,  lets  the  company  build  sup¬ 
port  for  specific  target  applications,  giving  it  the 
opportunity  to  bring  the  system  to  market  quickly 

Anyway  LindowsOS’ Windows  applications  support 
is  solid  enough  to  support  Windows  productivity 
offerings  such  as  Office  2000  and  Lotus  Notes.  And  if 
you  don’t  fancy  shelling  out  for  Office,  LindowsOS,  of 
course,  supports  Sun’s  StarOffice  6.0. 

What  I  find  so  interesting  about  StarOffice  (which 
in  the  6.0  release,  I  am  told,  is  solid  and  fast  and  can 
exchange  data  with  Microsoft  Office  applications)  is 
that  the  native  format  of  StarOffice  applications  is 
XML.This  means  that  once  you  migrate  documents 
to  StarOffice  your  ability  to  integrate  them  into 
knowledge  management  systems  is  much  greater 
than  with  Microsoft’s  native  formats. 

And  this  is  the  key  to  anyone  considering  migrat¬ 
ing  to  the  likes  of  LindowsOS  —  the  ability  to  get 
your  data  into  the  new  system.  If  that  is  possible,  then 
the  next  hurdles  are  having  the  right  applications  to 
work  with  the  data  and  a  framework  (an  operating 
system)  in  which  the  data  and  applications  exist  that 
is  fast,  full  featured  and  reliable. 

LindowsOS  looks  capable  of  doing  all  this  and 
more,  which  means  that,  for  the  first  time,  there  might 
be  a  viable  alternative  to  Microsoft  Windows. 

Better  still,  Lindows  offers  what  it  calls  the  Click-n- 


www.nwfusion.com 


Run  Warehouse^  repository  of  1,644  applications 
that  can  be  installed  online  with  one  click.The  cost 
of  full  access  to  the  library  is  a  paltry  $99  per  year. 

So  let’s  assume  that  LindowsOS  is  all  that  it  claims 
to  be.  Why  wouldn’t  you  consider  making  it  the 
underpinnings  of  your  corporate  IT  strategy? 

The  forthcoming  general  release  will  support  the 
majority  of  PCs  (the  current  Wal-Mart  version  is  opti¬ 
mized  for  Microtel  platforms)  and  the  price  of 
LindowsOS,  probably  about  $100,  will  be  appealing. 

Installing  LindowsOS  is  said  to  be  a  few  minutes, 
with  networking  and  other  facilities  autoconfiguring 
themselves.  Managing  Linux-based  systems  is  well- 
understood  and  should  fit  into  most  net  manage 
ment  systems  with  ease. 

In  short,  Lindows  should  be  a  very  appealing  strate 
gic  solution  that  has  significant  cost  benefits. 

So  what  would  it  take  to  get  your  company  to 
switch?  Success  stories?  Technical  proofs?  What 
would  it  take? 

I  mean,  its  not  like  there  aren’t  a  gazillion  IT  people 
who  claim  to  be  desperate  to  jettison  Microsoft  from 
their  corporate  networks. 

I  think  we  have  here  perhaps  the  first  serious  con¬ 
tender  that  could  take  market  share  from  Microsoft, 
but  what  do  you  need  to  be  convinced? 

So  tell  me  at  backspin@gibbs.com. 
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By  Paul  McNamara 

Weighing  the  true  costs  of  spam  filters 

Depending  on  your  point  of  view,  spam  filters  are: 

A)  Necessary. 

B)  Evil. 

C)  A  necessary  evil. 

And  the  three  might  not  be  mutually  exclusive. 

Geoff  Duncan  is  technical  editor,  subscriptions 
manager  and  Web  developer  for TidBITS,  an  e-mail 
subscription  and  online  publication  that  caters  to  the  Macintosh  crowd.  He  recently 
wrote  about  the  results  of  his  informal  research  into  the  effects  that  spam  filtering 
by  others  is  having  on  his  organization’s  ability  to  electronically  deliver  TidBITS.  (You 
can  read  his  complete  report  at  http://db.tidbits.com/getbits.acgi?tbart=06866.) 

“In  the  last  year  or  so,  we’ve  noticed  a  new  trend:  Some  weeks,  we  get  errors  from 
hundreds  [or  even  thousands]  of  subscribers  whose  servers  refuse  delivery  of 
TidBITS  issues,”  Duncan  writes.  “On  the  heels  of  these  errors,  we  usually  receive  a 
flurry  of  complaints:  ’Why  didn’t  I  get  this  week's  issue?'  or  ‘Please  fix  my  subscrip¬ 
tion  —  I  didn’t  get  TidBITS  today  but  your  system  says  I’m  still  on  the  list."' 

The  problem  is  false  positives.  Ham-handed  filters  are  erroneously  flagging 
TidBITS  content  as  being  spam  —  or  in  some  cases,  a  virus. 

While  few  will  dispute  that  spam  is  to  e-mail  what  grubs  are  to  lawns,  there  might 
■  ed  t;  be  more  discussion  about  whether  currently  available  spam  filters  and  filter- 
vchniques  constitute  an  appropriate  pesticide  or  a  modern-day  Agent  Orange. 

‘  jgh  he  uses  filters  himself,  Duncan  has  his  doubts. 

v  t,  we’re  starting  to  see  signs  that  e-mail,  often  hailed  as  the  Internet's  killer 
-  danger  of  becoming  an  unreliable,  arbitrarily  censored  medium"  he  says. 
a  ek  alone,  a  whopping  10%  of  TidBITS  recipients  —  4,000  readers  —  failed 
■  v  6 «  1  ows  they  had  requested  simply  because  a  TidBITS  writer  made  a 


passing  reference  to  Viagra.  Worse  yet,  in  writing  about  the  filtering  fallout  Duncan 
was  reduced  to  referring  to  Viagra  as  “a  well-known  Pfizer  drug  for  men,"  lest 
repeating  the  brand  name  cause  his  report  to  again  run  afoul  of  the  filters. 

Self-censorship  has  apparently  become  a  way  of  life  atTidBITS.  And  while  simply 
avoiding  the  word  Viagra  might  seem  a  small  price  to  pay  in  the  interest  of  spam 
control,  it  quickly  becomes  apparent  that  writing  around  these  filters  is  easier  said 
than  done.  Other  examples  from  Duncan's  file: 

•  Mentioning  Napster  in  an  article  got  TidBITS  rejected  by  about  120  e-mail 
servers.  (Duncan  had  to  call  the  offensive  proper  name  "a  well-known  peer-to-peer 
music  swapping  service.") 

•  Another  story  was  blocked  by  more  than  1,100  sites  for  mentioning  a  particularly 
annoying  online  ad  campaign  for  video  cameras.  (Yes,  it  was  X10,  and  no,  Duncan 
could  not  risk  printing  the  name  in  his  piece  about  filtering.)  Other  sites  rejected  this 
story  because  it  included  the  word  "undress.” 

•  The  words  “my"  and  "pictures"  in  succession  kept  another  batch  of  TidBITS 
material  from  hundreds  of  intended  recipients. 

While  the  benefits  of  spam  filtering  are  clear  and  clearly  desirable,  Duncan 
believes  that  not  enough  emphasis  is  being  placed  on  the  costs. 

"As  much  as  on-target  filtering  might  save  administrators  and  users  time,  money 
and  trouble,  filtering  that  backfires  also  has  direct  costs,”  Duncan  says.  "Part  of 
that  cost  is  passed  off  to  the  sender  whose  e-mail  has  been  improperly  identified: 
Every  time  spam  filtering  hits  TidBITS,  I  get  to  track  the  problem  down,  deal  with 
e-mail  administrators  and  assuage  irritated  subscribers.” 

Those  doing  the  filtering  also  pay,  he  says,  in  administrator  time  and  the  lost  pro¬ 
ductivity  —  if  not  actual  lost  business  —  that  can  come  with  missing  e-mail. 

Something  tells  me  this  issue  isn’t  going  away  any  time  soon. 

Yes,  we  use  spam  filters  at  Network  World,  but  that  shouldn  't  stop  you  from  writ¬ 
ing.  The  address  is  buzz@nww.com. 
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